From 925c65fa5a7f267a1361c3435aec2098e2624b52 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Wed, 30 Nov 2022 14:43:02 +0100
Subject: [PATCH] settings: set cookie SECURE and SAMESITE attributes (#71880)

---
 src/authentic2/settings.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/authentic2/settings.py b/src/authentic2/settings.py
index 688ed251..3e20adce 100644
--- a/src/authentic2/settings.py
+++ b/src/authentic2/settings.py
@@ -55,6 +55,14 @@ DATABASES = {
 }
 }
 
+# Cookies
+SESSION_COOKIE_SECURE = True
+SESSION_COOKIE_SAMESITE = 'None'
+CSRF_COOKIE_SECURE = True
+CSRF_COOKIE_SAMESITE = 'Lax'
+LANGUAGE_COOKIE_SECURE = True
+LANGUAGE_COOKIE_SAMESITE = 'None'
+
 # Hey Entr'ouvert is in France !!
 TIME_ZONE = 'Europe/Paris'
 LANGUAGE_CODE = 'fr'
-- 
2.37.2
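Review bot: `SESSION_COOKIE_SAMESITE = 'None'` lets the session cookie travel on every cross-site request, so the browser-side SameSite defence is switched off for the authenticated session and CSRF protection rests entirely on the token checks; nothing in the hunk records why that is needed. If cross-site SSO flows require it (presumably the reason, to be confirmed), say so next to the setting, e.g. `# 'None' is the string, not Python None: the session cookie must be sent on cross-site SSO requests, and browsers only accept SameSite=None together with Secure`. With `SESSION_COOKIE_SECURE = True` and `CSRF_COOKIE_SECURE = True` now in the base settings, browsers will not return those cookies over plain HTTP, so the expected override for local development deserves a line under the `# Cookies` heading as well. The string value `'None'` and the `LANGUAGE_COOKIE_*` settings are only honoured by Django releases that support them, so it is worth checking them against the oldest Django version the project still targets.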