feat(settings): possibilité de paramètrer la politique d'envoi des cookies (session et CSRF token)
parent
54ad46eae3
commit
cb778e02a9
|
@ -263,6 +263,22 @@ SESSION_COOKIE_PATH = APP_LOCATION
|
|||
# https://docs.djangoproject.com/en/stable/ref/settings/#csrf-cookie-path
|
||||
CSRF_COOKIE_PATH = APP_LOCATION
|
||||
|
||||
cookie_secure = (
|
||||
True if env('COOKIE_SAMESITE', default='Lax') == 'None' else False
|
||||
)
|
||||
|
||||
# https://docs.djangoproject.com/en/stable/ref/settings/#csrf-cookie-samesite
|
||||
CSRF_COOKIE_SAMESITE = env('COOKIE_SAMESITE', default='Lax')
|
||||
|
||||
# https://docs.djangoproject.com/en/stable/ref/settings/#csrf-cookie-secure
|
||||
CSRF_COOKIE_SECURE = cookie_secure
|
||||
|
||||
# https://docs.djangoproject.com/en/stable/ref/settings/#session-cookie-samesite
|
||||
SESSION_COOKIE_SAMESITE = env('COOKIE_SAMESITE', default='Lax')
|
||||
|
||||
# https://docs.djangoproject.com/en/stable/ref/settings/#session-cookie-secure
|
||||
SESSION_COOKIE_SECURE = cookie_secure
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# APPLICATION AND 3RD PARTY LIBRARY SETTINGS
|
||||
# ------------------------------------------------------------------------------
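Review bot: `cookie_secure` compares the raw environment value with the exact string `'None'`, so a value such as `none` would produce `SameSite=None` cookies without the `Secure` attribute. Django's cookie code accepts the SameSite value case-insensitively, and current browsers reject such cookies, which would drop both the session and the CSRF cookie. Reading the variable once and normalising it avoids this and removes the redundant `True if … else False`: `cookie_samesite = env('COOKIE_SAMESITE', default='Lax')` followed by `cookie_secure = cookie_samesite.lower() == 'none'`, with both `*_SAMESITE` settings reusing `cookie_samesite`. Separately, tying `Secure` to the SameSite choice means an HTTPS deployment using `Lax` or `Strict` still sends both cookies without `Secure`. That matches Django's default and is not a regression, but a dedicated setting for the Secure flag would let HTTPS deployments turn it on independently.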
|
||||
|
|
|
@ -97,3 +97,6 @@
|
|||
|
||||
# Upstream source for new release checking
|
||||
#UPSTREAM_RELEASES=https://forge.cliss21.org/api/v1/repos/cliss21/benevalibre/tags
|
||||
|
||||
# SameSite Policy for sending cookies (CSRF Token and Session). Should 'Lax' or 'Strict' for security reasons
|
||||
#COOKIE_SAMESITE=Lax
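Review bot: The added comment does not say that `None` is also accepted or what it changes. Per the settings hunk in this commit, `COOKIE_SAMESITE=None` is the only value that turns on `SESSION_COOKIE_SECURE` and `CSRF_COOKIE_SECURE`, so it only works when the site is served over HTTPS. I would word the comment as `# SameSite policy for the session and CSRF cookies. Should be 'Lax' or 'Strict'; 'None' also marks both cookies Secure and requires HTTPS.`, which also restores the missing "be".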
|
||||
|
|