From 2dfbf01d5dfd131980346fd06e0737aac27bbbca Mon Sep 17 00:00:00 2001
From: Steven Bal
Date: Thu, 15 Aug 2024 14:11:51 +0200
Subject: [PATCH 1/2] :bug: Add missing help_text for cookie samesite envvars
---
 open_api_framework/conf/base.py | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/open_api_framework/conf/base.py b/open_api_framework/conf/base.py
index 3e16db9..ab7b7b0 100644
--- a/open_api_framework/conf/base.py
+++ b/open_api_framework/conf/base.py
@@ -539,10 +539,25 @@
 #
 SESSION_COOKIE_SECURE = IS_HTTPS
 SESSION_COOKIE_HTTPONLY = True
-SESSION_COOKIE_SAMESITE = config("SESSION_COOKIE_SAMESITE", "Strict")
+SESSION_COOKIE_SAMESITE = config(
+ "SESSION_COOKIE_SAMESITE",
+ "Strict",
+ help_text=(
+ "The value of the SameSite flag on the session cookie. This flag prevents the "
+ "cookie from being sent in cross-site requests thus preventing CSRF attacks and "
+ "making some methods of stealing session cookie impossible."
+ ),
+)
 CSRF_COOKIE_SECURE = IS_HTTPS
-CSRF_COOKIE_SAMESITE = config("CSRF_COOKIE_SAMESITE", "Strict")
+CSRF_COOKIE_SAMESITE = config(
+ "CSRF_COOKIE_SAMESITE",
+ "Strict",
+ help_text=(
+ "The value of the SameSite flag on the CSRF cookie. This flag prevents the cookie "
+ "from being sent in cross-site requests."
+ ),
+)
 X_FRAME_OPTIONS = "DENY"
From 84e1f5ab277b65c9c74bf89a42ae145c056c1da0 Mon Sep 17 00:00:00 2001
From: Steven Bal
Date: Fri, 16 Aug 2024 09:51:31 +0200
Subject: [PATCH 2/2] :bookmark: Release version 0.7.1
---
 CHANGELOG.rst | 7 +++++++
 README.rst | 2 +-
 docs/conf.py | 2 +-
 pyproject.toml | 4 ++--
 4 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index a7bf1b8..22282b6 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,6 +1,13 @@
 Changelog
 =========
+0.7.1 (2024-08-16)
+------------------
+
+**Bugfixes**
+
+* Add missing help_text for SESSION_COOKIE_SAMESITE and CSRF_COOKIE_SAMESITE envvars
+
 0.7.0 (2024-08-15)
 ------------------
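Review bot: The help_text added for `SESSION_COOKIE_SAMESITE` describes the behaviour of the default `Strict` as if it held for every value the envvar can take, and it credits the flag with more than it provides. With `Lax` the browser still attaches the cookie on cross-site top-level navigations and with `None` on every request, and SameSite only governs when the cookie is sent; keeping the value away from scripts is the job of the `SESSION_COOKIE_HTTPONLY = True` line just above, so "preventing CSRF attacks" and "making some methods of stealing session cookie impossible" read as guarantees the setting cannot give. I would word it as `"The value of the SameSite flag on the session cookie (Strict, Lax or None). Strict withholds the cookie from all cross-site requests, which mitigates CSRF; Lax and None relax that."` and list the accepted values in the `CSRF_COOKIE_SAMESITE` text in the same way. Whether `config` rejects an unexpected value cannot be seen from this hunk, since the helper is defined outside it.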
diff --git a/README.rst b/README.rst
index 29c9c97..c79af20 100644
--- a/README.rst
+++ b/README.rst
@@ -1,7 +1,7 @@
 Open API Framework
 ==================
-:Version: 0.7.0
+:Version: 0.7.1
 :Source: https://github.com/maykinmedia/open-api-framework
 :Keywords: metapackage, dependencies
diff --git a/docs/conf.py b/docs/conf.py
index a3f196e..f27ce40 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -26,7 +26,7 @@ author = "Maykin Media"
 # The full version, including alpha/beta/rc tags
-release = "0.7.0"
+release = "0.7.1"
 # -- General configuration ---------------------------------------------------
diff --git a/pyproject.toml b/pyproject.toml
index 66eb1f1..96227e0 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "open_api_framework"
-version = "0.7.0"
+version = "0.7.1"
 description = "A metapackage for registration components, that bundles the dependencies shared between these components and provides generic settings"
 authors = [
 {name = "Maykin Media", email = "support@maykinmedia.nl"}
@@ -100,7 +100,7 @@ testpaths = ["tests"]
 DJANGO_SETTINGS_MODULE = "testapp.settings"
 [tool.bumpversion]
-current_version = "0.7.0"
+current_version = "0.7.1"
 files = [
 {filename = "pyproject.toml"},
 {filename = "README.rst"},