Set samesite to strict for cookies
dormant-user committed Feb 23, 2024
1 parent 5792d14 commit 1ef0ea3
Showing 2 changed files with 3 additions and 2 deletions.
2 changes: 1 addition & 1 deletion pystream/main.py
Expand Up @@ -37,7 +37,7 @@ async def redirect_exception_handler(request: Request,
else:
response = RedirectResponse(url=exception.location)
if exception.detail:
response.set_cookie("detail", exception.detail.upper())
response.set_cookie("detail", exception.detail.upper(), httponly=True, samesite="strict")
return response
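Review bot: the `detail` cookie set in redirect_exception_handler now carries httponly and samesite but never `secure`, while the session cookie in pystream/routers/auth.py adds `secure` when config.env.secure_session is set. Suggest building the keyword arguments the same way here so both cookies carry the same attributes on an HTTPS deployment. Separately, the commit title mentions only samesite, yet this line also adds httponly=True, which hides the cookie from page scripts: confirm the redirect target reads `detail` on the server side, and mention the httponly change in the commit message.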


3 changes: 2 additions & 1 deletion pystream/routers/auth.py
Expand Up @@ -71,7 +71,8 @@ async def login(request: Request) -> JSONResponse:
value=config.static.cipher_suite.encrypt(str(auth_payload).encode("utf-8")).decode(),
max_age=config.env.session_duration,
expires=expiration,
httponly=True)
httponly=True,
samesite="strict")
if config.env.secure_session:
cookie_kwargs["secure"] = True
response.set_cookie(**cookie_kwargs)
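Review bot: samesite="strict" is hard-coded into cookie_kwargs in login, next to values that come from configuration (max_age from config.env.session_duration, secure from config.env.secure_session). With Strict the browser withholds the session cookie on navigations that start on another site, so a user who follows an external link arrives without a session on that first request. If that is the intended behaviour, a short comment here saying so would help; otherwise consider reading the value from configuration with "strict" as the default so a deployment can choose "lax".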