From 3e9933890d6016bc97bc88aad2e432617f4a3db7 Mon Sep 17 00:00:00 2001
From: Gwendolyn <me@gwendolyn.dev>
Date: Mon, 25 Dec 2023 14:16:10 +0100
Subject: [PATCH] make session and tile cookies samesite=none so that things
 work when embedded in an iframe

---
 src/c3nav/settings.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/c3nav/settings.py b/src/c3nav/settings.py
index 2f970e2f..313339f9 100644
--- a/src/c3nav/settings.py
+++ b/src/c3nav/settings.py
@@ -295,6 +295,7 @@ SESSION_COOKIE_NAME = 'c3nav_session'
 SESSION_COOKIE_DOMAIN = config.get('c3nav', 'session_cookie_domain', fallback=None)
 SESSION_COOKIE_HTTPONLY = True
 SESSION_COOKIE_SECURE = not DEBUG
+SESSION_COOKIE_SAMESITE = 'none'
 
 LANGUAGE_COOKIE_NAME = 'c3nav_language'
 
@@ -305,7 +306,7 @@ TILE_ACCESS_COOKIE_NAME = 'c3nav_tile_access'
 TILE_ACCESS_COOKIE_DOMAIN = config.get('c3nav', 'tile_access_cookie_domain', fallback=None)
 TILE_ACCESS_COOKIE_HTTPONLY = True
 TILE_ACCESS_COOKIE_SECURE = not DEBUG
-TILE_ACCESS_COOKIE_SAMESITE = 'strict'
+TILE_ACCESS_COOKIE_SAMESITE = 'none'
 
 
 # Application definition