add samesite=strict for tile cookie

2023-12-11 19:10:49 +01:00 · 2023-12-11 19:10:49 +01:00 · 22f1777c1c
commit 22f1777c1c
parent 607c3f82fa
2 changed files with 3 additions and 1 deletions
--- a/src/c3nav/mapdata/views.py
+++ b/src/c3nav/mapdata/views.py
@ -28,7 +28,8 @@ def set_tile_access_cookie(request, response):
        response.set_cookie(settings.TILE_ACCESS_COOKIE_NAME, cookie, max_age=60,
                            domain=settings.TILE_ACCESS_COOKIE_DOMAIN,
                            httponly=settings.TILE_ACCESS_COOKIE_HTTPONLY,
-                            secure=settings.TILE_ACCESS_COOKIE_SECURE)
+                            secure=settings.TILE_ACCESS_COOKIE_SECURE,
+                            samesite=settings.TILE_ACCESS_COOKIE_SAMESITE)
    else:
        response.delete_cookie(settings.TILE_ACCESS_COOKIE_NAME)
    response['Cache-Control'] = 'no-cache'
--- a/src/c3nav/settings.py
+++ b/src/c3nav/settings.py
@ -302,6 +302,7 @@ TILE_ACCESS_COOKIE_NAME = 'c3nav_tile_access'
 TILE_ACCESS_COOKIE_DOMAIN = config.get('c3nav', 'tile_access_cookie_domain', fallback=None)
 TILE_ACCESS_COOKIE_HTTPONLY = True
 TILE_ACCESS_COOKIE_SECURE = not DEBUG
+TILE_ACCESS_COOKIE_SAMESITE = 'strict'


 # Application definition