Merge ~maxiberta/canonical-identity-provider:cookies-explicit-samesite-2 into canonical-identity-provider:master
Proposed by: Maximiliano Bertacchini

Status: | Merged |
---|---|
Approved by: | Maximiliano Bertacchini |
Approved revision: | 51e9bd1814b0fe9e38122883a56233cdfa9d1f42 |
Merge reported by: | Otto Co-Pilot |
Merged at revision: | not available |
Proposed branch: | ~maxiberta/canonical-identity-provider:cookies-explicit-samesite-2 |
Merge into: | canonical-identity-provider:master |
Diff against target: | 23 lines (+2/-1), 2 files modified: django_project/settings_base.py (+1/-0), src/identityprovider/views/server.py (+1/-1) |
Related bugs: | |

Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Daniel Manrique (community) | Approve | | |

Review via email: mp+414316@code.launchpad.net
Commit message
Set explicit "SameSite=None; Secure" to the openid_referer cookie
Should fix issues with openid authentication on modern browsers, which default to "SameSite=Lax".
Description of the change
See: https:/
Session and CSRF cookies are already "SameSite=None; Secure" as per https:/
This patch is already applied on https:/
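The cookie attributes named in the commit message can be checked from the response side. The following is an added example, not code from this merge proposal or the project: it builds a `Set-Cookie` value with explicit `SameSite=None; Secure` and audits header values for the two failure modes on browsers that default to `SameSite=Lax`. The function names, category labels and sample headers are assumptions constructed for illustration.

```python
from http.cookies import SimpleCookie  # "samesite" attribute needs Python 3.8+


def build_cross_site_cookie(name, value):
    """Return a Set-Cookie value carrying explicit SameSite=None; Secure."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = "/"
    jar[name]["samesite"] = "None"
    jar[name]["secure"] = True
    return jar[name].OutputString()


def audit_set_cookie(header_value):
    """Classify each cookie in a Set-Cookie value for cross-site use."""
    jar = SimpleCookie()
    jar.load(header_value)
    findings = {}
    for name, morsel in jar.items():
        samesite = morsel["samesite"].lower()  # "" when the attribute is absent
        secure = bool(morsel["secure"])
        if not samesite:
            # No attribute: browsers defaulting to Lax treat it as SameSite=Lax.
            findings[name] = "implicit-lax"
        elif samesite == "none" and not secure:
            # Browsers enforcing the newer rules drop SameSite=None without Secure.
            findings[name] = "rejected-none-without-secure"
        elif samesite == "none":
            findings[name] = "cross-site-ok"
        else:
            findings[name] = "same-site-only:" + samesite
    return findings


# Constructed sample headers, not captured from the service.
SAMPLES = [
    build_cross_site_cookie("openid_referer", "constructed-value"),
    "openid_referer=constructed-value; Path=/",
    "openid_referer=constructed-value; Path=/; SameSite=None",
    "sessionid=constructed; Path=/; SameSite=Strict; Secure",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit_set_cookie(sample))
```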
+1 let's merge and test thoroughly on staging.