Merge pull request #54 from maykinmedia/issue/envvar-missing-helptext

🐛 Add missing help_text for cookie samesite envvars
maykinmedia · Aug 16, 2024 · d26d0bb · d26d0bb
2 parents 9fd9498 + 84e1f5a
commit d26d0bb
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 6 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -1,6 +1,13 @@
 Changelog
 =========
 
+0.7.1 (2024-08-16)
+------------------
+
+**Bugfixes**
+
+* Add missing help_text for SESSION_COOKIE_SAMESITE and CSRF_COOKIE_SAMESITE envvars
+
 0.7.0 (2024-08-15)
 ------------------
 

diff --git a/README.rst b/README.rst
@@ -1,7 +1,7 @@
 Open API Framework
 ==================
 
-:Version: 0.7.0
+:Version: 0.7.1
 :Source: https://github.com/maykinmedia/open-api-framework
 :Keywords: metapackage, dependencies
 

diff --git a/docs/conf.py b/docs/conf.py
@@ -26,7 +26,7 @@
 author = "Maykin Media"
 
 # The full version, including alpha/beta/rc tags
-release = "0.7.0"
+release = "0.7.1"
 
 
 # -- General configuration ---------------------------------------------------

diff --git a/open_api_framework/conf/base.py b/open_api_framework/conf/base.py
@@ -539,10 +539,25 @@
 #
 SESSION_COOKIE_SECURE = IS_HTTPS
 SESSION_COOKIE_HTTPONLY = True
-SESSION_COOKIE_SAMESITE = config("SESSION_COOKIE_SAMESITE", "Strict")
+SESSION_COOKIE_SAMESITE = config(
+    "SESSION_COOKIE_SAMESITE",
+    "Strict",
+    help_text=(
+        "The value of the SameSite flag on the session cookie. This flag prevents the "
+        "cookie from being sent in cross-site requests thus preventing CSRF attacks and "
+        "making some methods of stealing session cookie impossible."
+    ),
+)
 
 CSRF_COOKIE_SECURE = IS_HTTPS
-CSRF_COOKIE_SAMESITE = config("CSRF_COOKIE_SAMESITE", "Strict")
+CSRF_COOKIE_SAMESITE = config(
+    "CSRF_COOKIE_SAMESITE",
+    "Strict",
+    help_text=(
+        "The value of the SameSite flag on the CSRF cookie. This flag prevents the cookie "
+        "from being sent in cross-site requests."
+    ),
+)
 
 X_FRAME_OPTIONS = "DENY"
 

diff --git a/pyproject.toml b/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "open_api_framework"
-version = "0.7.0"
+version = "0.7.1"
 description = "A metapackage for registration components, that bundles the dependencies shared between these components and provides generic settings"
 authors = [
     {name = "Maykin Media", email = "[email protected]"}
@@ -100,7 +100,7 @@ testpaths = ["tests"]
 DJANGO_SETTINGS_MODULE = "testapp.settings"
 
 [tool.bumpversion]
-current_version = "0.7.0"
+current_version = "0.7.1"
 files = [
     {filename = "pyproject.toml"},
     {filename = "README.rst"},