Merge pull request #187 from snikket-im/cookie-samesite-attribute

Explicitly set cookie SameSite attribute to Lax
snikket-im · Apr 29, 2024 · 13c5d44 · 13c5d44
2 parents a8c6b1a + 6407eb9
commit 13c5d44
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/snikket_web/__init__.py b/snikket_web/__init__.py
@@ -213,6 +213,7 @@ def create_app() -> quart.Quart:
     app.config["ABUSE_EMAIL"] = config.abuse_email
     app.config["SECURITY_EMAIL"] = config.security_email
     app.config["SESSION_COOKIE_SECURE"] = True
+    app.config["SESSION_COOKIE_SAMESITE"] = "Lax"
 
     app.context_processor(proc)
     app.register_error_handler(