authorAlejandro Sirgo Rica <asirgo@soleta.eu>2024-06-27 16:35:45 +0200
committerAlejandro Sirgo Rica <asirgo@soleta.eu>2024-06-28 08:43:34 +0200
commit31d6065a85f51620e282112acef66aa9c92dc749 (patch)
tree623518ed5f253d367f4490d56fe8f8611a65fd66
parent57b78a03bd86a5ae4055cbce47014d9fab3ee710 (diff)
ogcp: set default SameSite attribute in session cookie1.1.3-23
Set the SameSite attribute to 'Lax' if not defined. The SameSite attribute is a cross-site tracking prevention measure that defines when cookies are sent in the HTTP headers and when they are not. The 'Lax' configuration has the following features: - Cookies are sent with same-domain requests. - Cookies are sent when the user navigates to your site by clicking a link or submitting a form from another site. - Cookies are not sent with requests made from other sites, such as embedded content. This prevents browsers such as Firefox from warning about an undefined SameSite value.
-rw-r--r--ogcp/__init__.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/ogcp/__init__.py b/ogcp/__init__.py
index b0ef164..0e16630 100644
--- a/ogcp/__init__.py
+++ b/ogcp/__init__.py
@@ -16,6 +16,10 @@ ogcp_cfg_path = 'cfg/ogcp.json'
app = Flask(__name__)
app.config.from_json(ogcp_cfg_path)
+
+if 'SESSION_COOKIE_SAMESITE' not in app.config or not app.config['SESSION_COOKIE_SAMESITE']:
+ app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'
+
app.secret_key = urandom(16)
class NoScopeStatus(logging.Filter):
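Review bot: The first half of the condition on the added `if` is probably dead, since Flask releases that support `SESSION_COOKIE_SAMESITE` ship the key in the default config as `None`, so only the falsy test does the work; `if not app.config.get('SESSION_COOKIE_SAMESITE'):` expresses the same check in one clause. A value that is set in cfg/ogcp.json passes through unchecked, so a configured 'None' would be emitted with no matching `SESSION_COOKIE_SECURE` setting visible in this hunk, and current browsers reject SameSite=None cookies that lack Secure. A comment above the block would help, along the lines of `# 'Lax' still sends the session cookie on cross-site top-level GET navigations; keep CSRF checks on state-changing routes`, so the default is not read as a full CSRF defence.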