make session and tile cookies samesite=none so that things work when embedded in an iframe

2023-12-25 14:16:10 +01:00 · 2023-12-25 14:16:10 +01:00 · 3e9933890d
commit 3e9933890d
parent 21c8db79b7
1 changed files with 2 additions and 1 deletions
--- a/src/c3nav/settings.py
+++ b/src/c3nav/settings.py
@ -295,6 +295,7 @@ SESSION_COOKIE_NAME = 'c3nav_session'
 SESSION_COOKIE_DOMAIN = config.get('c3nav', 'session_cookie_domain', fallback=None)
 SESSION_COOKIE_HTTPONLY = True
 SESSION_COOKIE_SECURE = not DEBUG
+SESSION_COOKIE_SAMESITE = 'none'

 LANGUAGE_COOKIE_NAME = 'c3nav_language'

@ -305,7 +306,7 @@ TILE_ACCESS_COOKIE_NAME = 'c3nav_tile_access'
 TILE_ACCESS_COOKIE_DOMAIN = config.get('c3nav', 'tile_access_cookie_domain', fallback=None)
 TILE_ACCESS_COOKIE_HTTPONLY = True
 TILE_ACCESS_COOKIE_SECURE = not DEBUG
-TILE_ACCESS_COOKIE_SAMESITE = 'strict'
+TILE_ACCESS_COOKIE_SAMESITE = 'none'


 # Application definition