Merge pull request #72 from maykinmedia/feature/odic-samesite-quickfix

🐛 set session cookie same site default to Lax
maykinmedia · Sep 18, 2024 · 0939eb4 · 0939eb4
2 parents 9ef90bb + 49656bd
commit 0939eb4
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/open_api_framework/conf/base.py b/open_api_framework/conf/base.py
@@ -549,11 +549,12 @@
 SESSION_COOKIE_HTTPONLY = True
 SESSION_COOKIE_SAMESITE = config(
     "SESSION_COOKIE_SAMESITE",
-    "Strict",
+    "Lax",
     help_text=(
         "The value of the SameSite flag on the session cookie. This flag prevents the "
         "cookie from being sent in cross-site requests thus preventing CSRF attacks and "
         "making some methods of stealing session cookie impossible."
+        "Currently interferes with OIDC. Keep the value set at Lax if used."
     ),
 )