Set SESSION_COOKIE_SAMESITE='Lax' per Flask recommendation to prevents sending cookies with CSRF-prone requests from external sites, such as submitting a form. Fixes #3342

2018-05-09 14:04:50 +01:00 · 2018-05-09 14:04:50 +01:00 · a68dac97c4
parent 5b86a67a41
commit a68dac97c4
1 changed files with 1 additions and 0 deletions
--- a/web/config.py
+++ b/web/config.py
@ -362,6 +362,7 @@ SHOW_GRAVATAR_IMAGE = True
 COOKIE_DEFAULT_PATH = '/'
 COOKIE_DEFAULT_DOMAIN = None
 SESSION_COOKIE_DOMAIN = None
+SESSION_COOKIE_SAMESITE = 'Lax'

 ##########################################################################
 # Local config settings