Set samesite to strict for cookies

thevickypedia · Feb 23, 2024 · 1ef0ea3 · 1ef0ea3
1 parent 5792d14
commit 1ef0ea3
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/pystream/main.py b/pystream/main.py
@@ -37,7 +37,7 @@ async def redirect_exception_handler(request: Request,
     else:
         response = RedirectResponse(url=exception.location)
     if exception.detail:
-        response.set_cookie("detail", exception.detail.upper())
+        response.set_cookie("detail", exception.detail.upper(), httponly=True, samesite="strict")
     return response
 
 

diff --git a/pystream/routers/auth.py b/pystream/routers/auth.py
@@ -71,7 +71,8 @@ async def login(request: Request) -> JSONResponse:
                          value=config.static.cipher_suite.encrypt(str(auth_payload).encode("utf-8")).decode(),
                          max_age=config.env.session_duration,
                          expires=expiration,
-                         httponly=True)
+                         httponly=True,
+                         samesite="strict")
     if config.env.secure_session:
         cookie_kwargs["secure"] = True
     response.set_cookie(**cookie_kwargs)