🐛[maykinmedia/mozilla-django-oidc-db#116] set session cookie same sit…

…e default to Lax
maykinmedia · Sep 18, 2024 · 49656bd · 49656bd
1 parent 9ef90bb
commit 49656bd
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/open_api_framework/conf/base.py b/open_api_framework/conf/base.py
@@ -549,11 +549,12 @@
 SESSION_COOKIE_HTTPONLY = True
 SESSION_COOKIE_SAMESITE = config(
     "SESSION_COOKIE_SAMESITE",
-    "Strict",
+    "Lax",
     help_text=(
         "The value of the SameSite flag on the session cookie. This flag prevents the "
         "cookie from being sent in cross-site requests thus preventing CSRF attacks and "
         "making some methods of stealing session cookie impossible."
+        "Currently interferes with OIDC. Keep the value set at Lax if used."
     ),
 )