Closed jrwdunham closed 2 years ago
Fixes 51

Rationale

The samesite cookie attribute needs to be set to None in order for Dative to be able to store OLD cookies when the two apps are on different URLs.

Considerations

In prod, session.secure should be True so that cookies only work over HTTPS. However, in local development doing this will break integration tests.

Changes

- config.ini to accept these values with defaults false and None, respectively.
- old/__init__.py so that:
  - OLD_SESSION_SECURE can override the config.ini session.secure value, and
  - OLD_SESSION_SAMESITE can override the config.ini session.samesite value.
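
An added example, not code from this PR or from the OLD project: it sketches the override order listed under Changes and audits the resulting pair, since the stated defaults (session.secure false, session.samesite None) yield a cookie that Chromium-based browsers reject. The `[app:main]` section name, the accepted spellings of a true value, and all function names are assumptions.

```python
import configparser
from http.cookies import SimpleCookie

# Constructed config.ini fragment with the defaults the PR names.
# The [app:main] section name is an assumption.
SAMPLE_INI = """
[app:main]
session.secure = false
session.samesite = None
"""
TRUTHY = {"1", "true", "yes", "on"}  # assumed spellings for a true value


def resolve_session_settings(ini_text, environ):
    """Return (secure, samesite); OLD_SESSION_* env vars win over config.ini."""
    parser = configparser.ConfigParser()
    parser.read_string(ini_text)
    section = parser["app:main"]
    secure = environ.get("OLD_SESSION_SECURE",
                         section.get("session.secure", fallback="false"))
    samesite = environ.get("OLD_SESSION_SAMESITE",
                           section.get("session.samesite", fallback="None"))
    return secure.strip().lower() in TRUTHY, samesite.strip().capitalize()


def audit(secure, samesite):
    """List the problems with a (secure, samesite) pair before deployment."""
    problems = []
    if samesite not in {"None", "Lax", "Strict"}:
        problems.append("unknown SameSite value: " + samesite)
    if samesite == "None" and not secure:
        # Chromium-based browsers reject SameSite=None cookies lacking Secure.
        problems.append("SameSite=None without Secure: cookie is rejected")
    return problems


def set_cookie_header(secure, samesite, value="constructed-session-id"):
    """Render the Set-Cookie value that these settings produce."""
    cookie = SimpleCookie()
    cookie["session"] = value
    cookie["session"]["samesite"] = samesite
    if secure:
        cookie["session"]["secure"] = True
    return cookie["session"].OutputString()


if __name__ == "__main__":
    for env in ({}, {"OLD_SESSION_SECURE": "true"}):
        settings = resolve_session_settings(SAMPLE_INI, env)
        print(env, set_cookie_header(*settings), audit(*settings))
```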