From 907c01d756577305646a618d0c8c1cd99aa94817 Mon Sep 17 00:00:00 2001
From: Gwendolyn
Date: Mon, 25 Dec 2023 15:19:15 +0100
Subject: [PATCH] only use samesite=none with secure cookies
---
 src/c3nav/settings.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/c3nav/settings.py b/src/c3nav/settings.py
index 313339f9..3a872f39 100644
--- a/src/c3nav/settings.py
+++ b/src/c3nav/settings.py
@@ -295,7 +295,7 @@ SESSION_COOKIE_NAME = 'c3nav_session'
 SESSION_COOKIE_DOMAIN = config.get('c3nav', 'session_cookie_domain', fallback=None)
 SESSION_COOKIE_HTTPONLY = True
 SESSION_COOKIE_SECURE = not DEBUG
-SESSION_COOKIE_SAMESITE = 'none'
+SESSION_COOKIE_SAMESITE = 'none' if SESSION_COOKIE_SECURE else 'lax'
 LANGUAGE_COOKIE_NAME = 'c3nav_language'
@@ -306,7 +306,7 @@ TILE_ACCESS_COOKIE_NAME = 'c3nav_tile_access'
 TILE_ACCESS_COOKIE_DOMAIN = config.get('c3nav', 'tile_access_cookie_domain', fallback=None)
 TILE_ACCESS_COOKIE_HTTPONLY = True
 TILE_ACCESS_COOKIE_SECURE = not DEBUG
-TILE_ACCESS_COOKIE_SAMESITE = 'none'
+TILE_ACCESS_COOKIE_SAMESITE = 'none' if SESSION_COOKIE_SECURE else 'lax'
 # Application definition
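Review bot: The new `SESSION_COOKIE_SAMESITE` line has no comment explaining either branch, and the production branch still yields `'none'`, which means the session cookie is attached to cross-site requests and request-forgery protection rests on the CSRF token checks alone. The reason the session cookie must be delivered cross-site is not visible in this hunk, so it should be written down next to the setting. Suggested comment above the line: `# SameSite=None is only accepted by browsers together with Secure; fall back to Lax when the cookie is not Secure (DEBUG).` plus one sentence naming the cross-site use case that requires `'none'`.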
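Review bot: `TILE_ACCESS_COOKIE_SAMESITE` is derived from `SESSION_COOKIE_SECURE` instead of the tile cookie's own `TILE_ACCESS_COOKIE_SECURE`, which is set one line above it. Both flags are `not DEBUG` today, so the result is the same, but if they are ever configured separately the tile-access cookie could be sent as SameSite=None without Secure, which current browsers reject, or silently drop to Lax while still Secure. The line should read `TILE_ACCESS_COOKIE_SAMESITE = 'none' if TILE_ACCESS_COOKIE_SECURE else 'lax'`.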