Skip to content

Commit

Permalink
Fix default value for SESSION_COOKIE_SECURE (#8767) (#8769)
Browse files Browse the repository at this point in the history 
- Default value was previously 'True'
- Documentation indicated that it was 'False'
- Value in config_template.yaml was 'False' (but commented out)

(cherry picked from commit d4ee8c5)

Co-authored-by: Oliver <[email protected]>
  • Loading branch information
@github-actions @SchrodingersGat
github-actions[bot] and SchrodingersGat authored Dec 26, 2024
1 parent cab7a06 commit eed6223
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 4 deletions.
4 changes: 3 additions & 1 deletion src/backend/InvenTree/InvenTree/settings.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1218,7 +1218,9 @@
if DEBUG
else (
SESSION_COOKIE_SAMESITE == 'None'
or get_boolean_setting('INVENTREE_SESSION_COOKIE_SECURE', 'cookie.secure', True)
or get_boolean_setting(
'INVENTREE_SESSION_COOKIE_SECURE', 'cookie.secure', False
)
)
)

Expand Down
6 changes: 3 additions & 3 deletions src/backend/InvenTree/config_template.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -124,9 +124,9 @@ use_x_forwarded_host: false
use_x_forwarded_port: false

# Cookie settings (nominally the default settings should be fine)
#cookie:
# secure: false
# samesite: false
cookie:
secure: false
samesite: false

# Cross Origin Resource Sharing (CORS) settings (see https://github.com/adamchainz/django-cors-headers)
cors:
Expand Down

0 comments on commit eed6223

Please sign in to comment.