From 74f0680f0adb43eb4a608f0583cb47eebb9a2d7d Mon Sep 17 00:00:00 2001
From: Andreas Knab
Date: Tue, 16 May 2023 12:05:09 +0200
Subject: [PATCH] Add samesite cookie settings

---
 omeroweb/settings.py | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/omeroweb/settings.py b/omeroweb/settings.py
index 2f73e76821..be84ce31b3 100755
--- a/omeroweb/settings.py
+++ b/omeroweb/settings.py
@@ -551,6 +551,28 @@ def leave_none_unset_int(s):
 "OMERO.web."
 ),
 ],
+ "omero.web.csrf_cookie_samesite": [
+ "CSRF_COOKIE_SAMESITE",
+ "Lax",
+ str,
+ (
+ "The value of the SameSite flag on the CSRF cookie. "
+ "This flag prevents the cookie from being sent in cross-site "
+ "requests thus preventing CSRF attacks and making some methods of "
+ "CSRF session cookie impossible."
+ ),
+ ],
+ "omero.web.session_cookie_samesite": [
+ "SESSION_COOKIE_SAMESITE",
+ "Lax",
+ str,
+ (
+ "The value of the SameSite flag on the session cookie. This flag "
+ "prevents the cookie from being sent in cross-site requests thus "
+ "preventing CSRF attacks and making some methods of stealing "
+ "session cookie impossible."
+ ),
+ ],
 "omero.web.logdir": ["LOGDIR", LOGDIR, str, "A path to the custom log directory."],
 "omero.web.secure_proxy_ssl_header": [
 "SECURE_PROXY_SSL_HEADER",
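Review bot: Both new entries use the bare `str` converter, so any configured value is passed straight through to Django's `CSRF_COOKIE_SAMESITE` / `SESSION_COOKIE_SAMESITE`, while Django only accepts "Lax", "Strict" or "None" (plus `False` to omit the flag, which a string converter cannot express); a typo or a value like "false" is, as far as I recall, rejected by `set_cookie` with a `ValueError` at request time rather than at configuration time. Consider a small validating converter in the style of the file's other converters (such as `leave_none_unset_int`, whose definition is outside this hunk) that normalises case and rejects anything outside that set, or at least document the accepted values in both descriptions, e.g. appending `"Allowed values are Lax, Strict or None; None requires the corresponding *_COOKIE_SECURE setting to be True or browsers will drop the cookie."`. The CSRF description also reads oddly at `"CSRF session cookie impossible."`; the intended wording appears to be `"stealing the CSRF cookie impossible."`, mirroring the session entry below it. The enclosing settings dict starts before and continues after this hunk.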