From a68dac97c4e7610beb65871aca25ead59bb849e0 Mon Sep 17 00:00:00 2001
From: Murtuza Zabuawala
Date: Wed, 9 May 2018 14:04:50 +0100
Subject: [PATCH] Set SESSION_COOKIE_SAMESITE='Lax' per Flask recommendation to prevents sending cookies with CSRF-prone requests from external sites, such as submitting a form. Fixes #3342
---
 web/config.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/web/config.py b/web/config.py
index 060b44c20..df9a7f7fa 100644
--- a/web/config.py
+++ b/web/config.py
@@ -362,6 +362,7 @@ SHOW_GRAVATAR_IMAGE = True
 COOKIE_DEFAULT_PATH = '/'
 COOKIE_DEFAULT_DOMAIN = None
 SESSION_COOKIE_DOMAIN = None
+SESSION_COOKIE_SAMESITE = 'Lax'
 
 ##########################################################################
 # Local config settings
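Review bot: The added `SESSION_COOKIE_SAMESITE = 'Lax'` line has no comment, and the key is only honoured by Flask releases that know it (it arrived in Flask 1.0); on an older pinned Flask it would be silently ignored, so the dependency pins, which are not part of this patch, are worth checking alongside it. `Lax` still sends the session cookie on top-level GET navigations from other sites, so it complements the existing CSRF token checks rather than replacing them, and any state-changing GET route stays exposed. It also covers only Flask's own session cookie; cookies the application sets itself (the neighbouring `COOKIE_DEFAULT_PATH` and `COOKIE_DEFAULT_DOMAIN` settings suggest there are some) would need their own SameSite attribute. A comment above the line would record this: `# SameSite=Lax: not sent on cross-site POST/sub-requests, still sent on top-level GET; CSRF tokens remain required.`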