
feat(settings): possibilité de paramètrer la politique d'envoi des cookies (session et CSRF token)

pull/254/head
Antoine 1 month ago
parent
commit
cb778e02a9
  1. 16
      benevalibre/settings/base.py
  2. 3
      config.env.example

16
benevalibre/settings/base.py

@ -263,6 +263,22 @@ SESSION_COOKIE_PATH = APP_LOCATION @@ -263,6 +263,22 @@ SESSION_COOKIE_PATH = APP_LOCATION
# https://docs.djangoproject.com/en/stable/ref/settings/#csrf-cookie-path
CSRF_COOKIE_PATH = APP_LOCATION
cookie_secure = (
True if env('COOKIE_SAMESITE', default='Lax') == 'None' else False
)
# https://docs.djangoproject.com/en/stable/ref/settings/#csrf-cookie-samesite
CSRF_COOKIE_SAMESITE = env('COOKIE_SAMESITE', default='Lax')
# https://docs.djangoproject.com/en/stable/ref/settings/#csrf-cookie-secure
CSRF_COOKIE_SECURE = cookie_secure
# https://docs.djangoproject.com/en/stable/ref/settings/#session-cookie-samesite
SESSION_COOKIE_SAMESITE = env('COOKIE_SAMESITE', default='Lax')
# https://docs.djangoproject.com/en/stable/ref/settings/#session-cookie-secure
SESSION_COOKIE_SECURE = cookie_secure
# ------------------------------------------------------------------------------
# APPLICATION AND 3RD PARTY LIBRARY SETTINGS
# ------------------------------------------------------------------------------
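Review bot: The `== 'None'` comparison that computes `cookie_secure` is case-sensitive, while Django's cookie writer, as far as I know, accepts the SameSite value case-insensitively, so `COOKIE_SAMESITE=none` would yield SameSite=None cookies without the Secure flag, which current browsers reject. Reading the variable once and normalising it avoids this, and also removes the three repeated `env(...)` calls and the redundant `True if … else False`: `cookie_samesite = env('COOKIE_SAMESITE', default='Lax')` followed by `cookie_secure = cookie_samesite.lower() == 'none'`. Separately, for 'Lax' and 'Strict' both `CSRF_COOKIE_SECURE` and `SESSION_COOKIE_SECURE` are assigned False here. Unless a production settings module outside this section overrides them, the session and CSRF cookies can then be sent over plain HTTP, so the Secure flag would be better driven by whether the site is served over HTTPS than by the SameSite value.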

3
config.env.example

@ -97,3 +97,6 @@ @@ -97,3 +97,6 @@
# Upstream source for new release checking
#UPSTREAM_RELEASES=https://forge.cliss21.org/api/v1/repos/cliss21/benevalibre/tags
# SameSite Policy for sending cookies (CSRF Token and Session). Should 'Lax' or 'Strict' for security reasons
#COOKIE_SAMESITE=Lax
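Review bot: The comment above `#COOKIE_SAMESITE=Lax` does not say that `None` is also accepted, nor that in the settings change of this commit it is the only value that switches the Secure flag on for both cookies. An operator who picks it needs the site served over HTTPS, and that is worth stating where the value is chosen. I would reword the comment to `# SameSite policy for the session and CSRF cookies: 'Lax' (default), 'Strict' or 'None'. 'None' marks both cookies Secure and therefore requires HTTPS.`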
