🐛 Add missing help_text for cookie samesite envvars

maykinmedia · Aug 15, 2024 · 2dfbf01 · 2dfbf01
1 parent 9fd9498
commit 2dfbf01
Showing 1 changed file with 17 additions and 2 deletions.
diff --git a/open_api_framework/conf/base.py b/open_api_framework/conf/base.py
@@ -539,10 +539,25 @@
 #
 SESSION_COOKIE_SECURE = IS_HTTPS
 SESSION_COOKIE_HTTPONLY = True
-SESSION_COOKIE_SAMESITE = config("SESSION_COOKIE_SAMESITE", "Strict")
+SESSION_COOKIE_SAMESITE = config(
+    "SESSION_COOKIE_SAMESITE",
+    "Strict",
+    help_text=(
+        "The value of the SameSite flag on the session cookie. This flag prevents the "
+        "cookie from being sent in cross-site requests thus preventing CSRF attacks and "
+        "making some methods of stealing session cookie impossible."
+    ),
+)
 
 CSRF_COOKIE_SECURE = IS_HTTPS
-CSRF_COOKIE_SAMESITE = config("CSRF_COOKIE_SAMESITE", "Strict")
+CSRF_COOKIE_SAMESITE = config(
+    "CSRF_COOKIE_SAMESITE",
+    "Strict",
+    help_text=(
+        "The value of the SameSite flag on the CSRF cookie. This flag prevents the cookie "
+        "from being sent in cross-site requests."
+    ),
+)
 
 X_FRAME_OPTIONS = "DENY"