Merge ~maxiberta/canonical-identity-provider:cookies-explicit-samesite-2 into canonical-identity-provider:master
Proposed by
Maximiliano Bertacchini
| Status: | Merged |
|---|---|
| Approved by: | Maximiliano Bertacchini |
| Approved revision: | 51e9bd1814b0fe9e38122883a56233cdfa9d1f42 |
| Merge reported by: | Otto Co-Pilot |
| Merged at revision: | not available |
| Proposed branch: | ~maxiberta/canonical-identity-provider:cookies-explicit-samesite-2 |
| Merge into: | canonical-identity-provider:master |
| Diff against target: |
23 lines (+2/-1) 2 files modified
django_project/settings_base.py (+1/-0) src/identityprovider/views/server.py (+1/-1) |
| Related bugs: |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Daniel Manrique (community) | Approve | ||
|
Review via email:
|
|||
Commit message
Set explicit "SameSite=None; Secure" to the openid_referer cookie
Should fix issues with openid authentication on modern browsers, which default to "SameSite=Lax".
Description of the change
See: https:/
Session and CSRF cookies are already "SameSite=None; Secure" as per https:/
This patch is already applied on https:/
To post a comment you must log in.
Revision history for this message
| Maximiliano Bertacchini (maxiberta) | # |
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
+1 let's merge and test thoroughly on staging.