Closed jrwdunham closed 2 years ago
Fixes 51
The samesite cookie attribute needs to be set to None in order for Dative to be able to store OLD cookies when the two apps are on different URLs.
None
In prod, session.secure should be True so that cookies only work over HTTPS. However, in local development doing this will break integration tests.
session.secure
True
config.ini
false
old/__init__.py
OLD_SESSION_SECURE
OLD_SESSION_SAMESITE
session.samesite
Fixes 51
Rationale
The samesite cookie attribute needs to be set to
Nonein order for Dative to be able to store OLD cookies when the two apps are on different URLs.Considerations
In prod,
session.secureshould beTrueso that cookies only work over HTTPS. However, in local development doing this will break integration tests.Changes
config.inito accept these values with defaultsfalseandNone, respectively.old/__init__.pyso that:OLD_SESSION_SECUREcan override theconfig.inisession.securevalue, andOLD_SESSION_SAMESITEcan override theconfig.inisession.samesitevalue.