From dfe831deb7cdd2477514f6dc47e6e00de927e74b Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Wed, 30 Nov 2022 15:27:52 +0100
Subject: [PATCH 2/2] settings: set samesite flag on cookies when possible (#71880)

---
 src/authentic2/settings.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/authentic2/settings.py b/src/authentic2/settings.py
index 14e77979..9611bf51 100644
--- a/src/authentic2/settings.py
+++ b/src/authentic2/settings.py
@@ -19,6 +19,7 @@ import logging.config
 import os
 
 # Load default from Django
+import django
 from django.conf import global_settings
 from django.utils.translation import gettext_lazy as _
 
@@ -59,6 +60,13 @@ DATABASES = {
 SESSION_COOKIE_SECURE = True
 CSRF_COOKIE_SECURE = True
 LANGUAGE_COOKIE_SECURE = True
+CSRF_COOKIE_SAMESITE = 'Lax'
+if django.VERSION < (3, 1):
+    SESSION_COOKIE_SAMESITE = 'Lax'
+    LANGUAGE_COOKIE_SAMESITE = 'Lax'
+else:
+    SESSION_COOKIE_SAMESITE = 'None'
+    LANGUAGE_COOKIE_SAMESITE = 'None'
 
 # Hey Entr'ouvert is in France !!
 TIME_ZONE = 'Europe/Paris'
-- 
2.37.2
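Review bot: The `else` branch of the second hunk sets the session and language cookies to SameSite='None', which opts those cookies out of the browser's cross-site protection, while the CSRF cookie stays 'Lax' — and nothing in the hunk records why the two differ or why the choice hinges on Django 3.1. Presumably an identity provider needs the session cookie on cross-site POSTs from relying parties, and Django earlier than 3.1 cannot emit the literal 'None' value, but a reader of settings.py has to guess both. A comment above the `if` would close that gap, e.g. `# SameSite=None keeps the session on cross-site POSTs from relying parties; it is only` / `# honoured with Secure (set above). Django < 3.1 cannot emit 'None', so fall back to Lax.` Keeping `SESSION_COOKIE_SECURE = True` directly above this block is load-bearing, since browsers drop SameSite=None cookies that are not also Secure; the comment should say so to stop a future reorder from separating them.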