only use samesite=none with secure cookies

2023-12-25 15:19:15 +01:00 · 2023-12-25 15:19:15 +01:00 · 907c01d756
commit 907c01d756
parent fba5c2cbd4
1 changed files with 2 additions and 2 deletions
--- a/src/c3nav/settings.py
+++ b/src/c3nav/settings.py
@ -295,7 +295,7 @@ SESSION_COOKIE_NAME = 'c3nav_session'
 SESSION_COOKIE_DOMAIN = config.get('c3nav', 'session_cookie_domain', fallback=None)
 SESSION_COOKIE_HTTPONLY = True
 SESSION_COOKIE_SECURE = not DEBUG
-SESSION_COOKIE_SAMESITE = 'none'
+SESSION_COOKIE_SAMESITE = 'none' if SESSION_COOKIE_SECURE else 'lax'

 LANGUAGE_COOKIE_NAME = 'c3nav_language'

@ -306,7 +306,7 @@ TILE_ACCESS_COOKIE_NAME = 'c3nav_tile_access'
 TILE_ACCESS_COOKIE_DOMAIN = config.get('c3nav', 'tile_access_cookie_domain', fallback=None)
 TILE_ACCESS_COOKIE_HTTPONLY = True
 TILE_ACCESS_COOKIE_SECURE = not DEBUG
-TILE_ACCESS_COOKIE_SAMESITE = 'none'
+TILE_ACCESS_COOKIE_SAMESITE = 'none' if SESSION_COOKIE_SECURE else 'lax'


 # Application definition