feat(settings): possibilité de paramètrer la politique d'envoi des cookies (session et CSRF token)

pull/254/head
Antoine 2023-04-17 19:13:06 +02:00
parent 54ad46eae3
commit cb778e02a9
2 changed files with 19 additions and 0 deletions


@ -263,6 +263,22 @@ SESSION_COOKIE_PATH = APP_LOCATION
# https://docs.djangoproject.com/en/stable/ref/settings/#csrf-cookie-path
CSRF_COOKIE_PATH = APP_LOCATION
cookie_secure = (
True if env('COOKIE_SAMESITE', default='Lax') == 'None' else False
)
# https://docs.djangoproject.com/en/stable/ref/settings/#csrf-cookie-samesite
CSRF_COOKIE_SAMESITE = env('COOKIE_SAMESITE', default='Lax')
# https://docs.djangoproject.com/en/stable/ref/settings/#csrf-cookie-secure
CSRF_COOKIE_SECURE = cookie_secure
# https://docs.djangoproject.com/en/stable/ref/settings/#session-cookie-samesite
SESSION_COOKIE_SAMESITE = env('COOKIE_SAMESITE', default='Lax')
# https://docs.djangoproject.com/en/stable/ref/settings/#session-cookie-secure
SESSION_COOKIE_SECURE = cookie_secure
# ------------------------------------------------------------------------------
# APPLICATION AND 3RD PARTY LIBRARY SETTINGS
# ------------------------------------------------------------------------------
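Review bot: The `== 'None'` comparison that derives `cookie_secure` is case-sensitive, while Django's cookie code accepts the SameSite value case-insensitively, so `COOKIE_SAMESITE=none` would produce `SameSite=none` cookies without the Secure flag, which current browsers reject. The variable is also read from the environment three times and never validated, so a mistyped value would probably only surface when the first cookie is set. Reading it once, validating it and deriving the flag from the normalised value addresses both, and makes the redundant `True if … else False` wrapper unnecessary. Separately, for `Lax` and `Strict` both `*_COOKIE_SECURE` settings are assigned False here; whether an HTTPS deployment's settings module overrides them afterwards is not visible in this hunk and is worth checking.

```python
# Read the policy once so the session and CSRF cookies cannot disagree.
cookie_samesite = env('COOKIE_SAMESITE', default='Lax')
if cookie_samesite.lower() not in ('lax', 'strict', 'none'):
    raise ValueError("COOKIE_SAMESITE must be 'Lax', 'Strict' or 'None'")
# Browsers drop SameSite=None cookies that lack Secure, so compare
# case-insensitively, the same way the value is accepted at cookie time.
cookie_secure = cookie_samesite.lower() == 'none'
# … unchanged: documentation-link comments above each setting …
CSRF_COOKIE_SAMESITE = cookie_samesite
CSRF_COOKIE_SECURE = cookie_secure
SESSION_COOKIE_SAMESITE = cookie_samesite
SESSION_COOKIE_SECURE = cookie_secure
```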


@ -97,3 +97,6 @@
# Upstream source for new release checking
#UPSTREAM_RELEASES=https://forge.cliss21.org/api/v1/repos/cliss21/benevalibre/tags
# SameSite Policy for sending cookies (CSRF Token and Session). Should 'Lax' or 'Strict' for security reasons
#COOKIE_SAMESITE=Lax
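Review bot: The new comment does not mention that `None` is also accepted, or that the settings change in this commit then sets the Secure flag on both cookies, so that value only works when the site is served over HTTPS. I would reword it as `# SameSite policy for the session and CSRF cookies: 'Lax' (default) or 'Strict'; 'None' also marks both cookies Secure and requires HTTPS`. That wording also restores the verb missing from "Should 'Lax' or 'Strict'".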