From cbff7b88546585574c079322a86e471ad86bcec6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89ric=20Falconnier?=
Date: Wed, 10 Apr 2024 08:38:09 +0200
Subject: [PATCH] Better CSRF cookie settings

- Secure
- SameSite = Strict
---
 server/server/settings.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/server/server/settings.py b/server/server/settings.py
index d1c9e7e1c..57647b3a1 100644
--- a/server/server/settings.py
+++ b/server/server/settings.py
@@ -103,6 +103,7 @@
     'realms.auth_backends.RealmBackend',
 ]
+# SESSION*
 SESSION_COOKIE_SECURE = True
 SESSION_COOKIE_SAMESITE = django_zentral_settings.get("SESSION_COOKIE_SAMESITE", "Lax")
@@ -112,6 +113,9 @@
 if "SESSION_EXPIRE_AT_BROWSER_CLOSE" in django_zentral_settings:
     SESSION_EXPIRE_AT_BROWSER_CLOSE = django_zentral_settings["SESSION_EXPIRE_AT_BROWSER_CLOSE"]
+# CSRF*
+CSRF_COOKIE_SECURE = True
+CSRF_COOKIE_SAMESITE = "Strict"
 if "CSRF_TRUSTED_ORIGINS" in django_zentral_settings:
     CSRF_TRUSTED_ORIGINS = django_zentral_settings["CSRF_TRUSTED_ORIGINS"]
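Review bot: `CSRF_COOKIE_SAMESITE = "Strict"` in the second hunk is hard-coded while the session cookie a few lines above reads its SameSite value from `django_zentral_settings` with a "Lax" default, so the two cookies can now end up with different cross-site behaviour and operators have no knob to reconcile them. With Strict on the csrftoken cookie, a browser will not send it on any request that originates from another site; Django will mint a fresh token on the first same-site response, so ordinary GET-then-POST pages should keep working, but any flow that posts straight into this server from another origin (a realm/IdP callback seems plausible given `realms.auth_backends.RealmBackend` is listed, though that is not visible here) will fail the CSRF check unless that view is already exempt. I would mirror the session setting so the default stays Strict but can be relaxed per deployment: `CSRF_COOKIE_SAMESITE = django_zentral_settings.get("CSRF_COOKIE_SAMESITE", "Strict")`, with a comment such as `# Strict blocks the CSRF cookie on cross-site requests; lower to "Lax" only if a cross-site POST (e.g. an IdP callback) must pass the CSRF check`. `CSRF_COOKIE_SECURE = True` matches the hard-coded `SESSION_COOKIE_SECURE = True` and is fine as is.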