diff options
| author | Alejandro Sirgo Rica <asirgo@soleta.eu> | 2024-06-27 16:35:45 +0200 |
|---|---|---|
| committer | Alejandro Sirgo Rica <asirgo@soleta.eu> | 2024-06-28 08:43:34 +0200 |
| commit | 31d6065a85f51620e282112acef66aa9c92dc749 (patch) | |
| tree | 623518ed5f253d367f4490d56fe8f8611a65fd66 | |
| parent | 57b78a03bd86a5ae4055cbce47014d9fab3ee710 (diff) | |
ogcp: set default SameSite attribute in session cookie1.1.3-23
Set the SameSite attribute to 'Lax' if not defined.
The SameSite attribute is a cross-site tracking prevention measure
and defines when cookies are sent within the HTTP headers and
the cases when they are not sent.
The 'Lax' configuration has the following features:
- Cookies are sent with same domain requests.
- Cookies are sent when the user navigates to your site by clicking
a link or submitting a form from another site.
- Not sent with requests made from other sites such as embeded content.
Prevent warning from browsers such as Firefox from complaining
about undefined SameSite value.
| -rw-r--r-- | ogcp/__init__.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ogcp/__init__.py b/ogcp/__init__.py index b0ef164..0e16630 100644 --- a/ogcp/__init__.py +++ b/ogcp/__init__.py @@ -16,6 +16,10 @@ ogcp_cfg_path = 'cfg/ogcp.json' app = Flask(__name__) app.config.from_json(ogcp_cfg_path) + +if 'SESSION_COOKIE_SAMESITE' not in app.config or not app.config['SESSION_COOKIE_SAMESITE']: + app.config['SESSION_COOKIE_SAMESITE'] = 'Lax' + app.secret_key = urandom(16) class NoScopeStatus(logging.Filter): |