Skip to content
This repository has been archived by the owner on Dec 27, 2024. It is now read-only.

Commit

Permalink
FSPT-189: Switch session cookie to Lax for Talisman
Browse files Browse the repository at this point in the history 
Authenticator used a session cookie with Lax rather than Strict for the
`session_cookie_samesite` in Talisman so that it could send people to
Microsoft logins. Assess had it set to Strict for this same setting.

Now that we've brought the frontends together this needs to be set to
Lax otherwise you can't log into Find or Submit.
  • Loading branch information
@MarcUsher
MarcUsher committed Dec 20, 2024
1 parent 72bb86d commit c4e6400
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion config/envs/default.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -207,7 +207,7 @@ class DefaultConfig:
# Talisman Config
FSD_REFERRER_POLICY = "strict-origin-when-cross-origin"
FSD_USER_TOKEN_COOKIE_SAMESITE = "Lax"
FSD_SESSION_COOKIE_SAMESITE = "Strict"
FSD_SESSION_COOKIE_SAMESITE = "Lax"
FSD_PERMISSIONS_POLICY = {"interest-cohort": "()"}
FSD_DOCUMENT_POLICY = {}
FSD_FEATURE_POLICY = {
Expand Down

0 comments on commit c4e6400

Please sign in to comment.