From bd87f9f3c135daf5b3cfb7106d7d938f8fc63155 Mon Sep 17 00:00:00 2001
From: Sean Shahkarami
Date: Wed, 7 Feb 2024 14:06:29 -0600
Subject: [PATCH] added settings for CORS_ALLOW_CREDENTIALS and SESSION_COOKIE_SAMESITE

---
 config/settings/base.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/config/settings/base.py b/config/settings/base.py
index 1ffe324..86ef7c5 100644
--- a/config/settings/base.py
+++ b/config/settings/base.py
@@ -177,12 +177,17 @@
 
 # Security settings
 ALLOWED_HOSTS = env("ALLOWED_HOSTS", list, [])
+
+CSRF_COOKIE_SECURE = env("CSRF_COOKIE_SECURE", bool, True)
 CSRF_TRUSTED_ORIGINS = env("CSRF_TRUSTED_ORIGINS", list, [])
+
 CORS_ALLOWED_ORIGINS = env("CORS_ALLOWED_ORIGINS", list, [])
 CORS_ALLOWED_ORIGIN_REGEXES = env("CORS_ALLOWED_ORIGIN_REGEXES", list, [])
 CORS_ALLOW_ALL_ORIGINS = env("CORS_ALLOW_ALL_ORIGINS", bool, False)
+CORS_ALLOW_CREDENTIALS = env("CORS_ALLOW_CREDENTIALS", bool, False)
+
 SESSION_COOKIE_SECURE = env("SESSION_COOKIE_SECURE", bool, True)
-CSRF_COOKIE_SECURE = env("CSRF_COOKIE_SECURE", bool, True)
+SESSION_COOKIE_SAMESITE = env("SESSION_COOKIE_SAMESITE", str, "Lax")
 
 S3_ENDPOINT = env("S3_ENDPOINT", str, "")
 S3_ACCESS_KEY = env("S3_ACCESS_KEY", str, "")
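Review bot: Nothing in this hunk stops `CORS_ALLOW_CREDENTIALS` and `CORS_ALLOW_ALL_ORIGINS` from both being switched on through the environment. If these settings feed django-cors-headers (inferred from the names; the middleware is not visible here), that combination echoes any request Origin back together with `Access-Control-Allow-Credentials: true`, so every site can make cookie-bearing requests and read the responses. A fail-fast guard after the CORS block would rule it out: `if CORS_ALLOW_ALL_ORIGINS and CORS_ALLOW_CREDENTIALS: raise ImproperlyConfigured("CORS_ALLOW_CREDENTIALS requires an explicit origin allow-list")`, with `ImproperlyConfigured` imported from `django.core.exceptions` at the top of the file, which is outside the hunk. `SESSION_COOKIE_SAMESITE` is likewise read from the environment unchecked, so a comment such as `# "None" sends the session cookie cross-site; keep SESSION_COOKIE_SECURE=True when using it` would help operators.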