From b9738d36d84dc0f243d4f92ea2da04191e38b954 Mon Sep 17 00:00:00 2001
From: xuxiaofei
Date: Sat, 19 Sep 2020 13:41:58 +0800
Subject: [PATCH] fix: cookie same site and secure
---
 py_vislib/settings/base.py | 2 +-
 vislib/middleware.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/py_vislib/settings/base.py b/py_vislib/settings/base.py
index c9904ea..7d5786b 100644
--- a/py_vislib/settings/base.py
+++ b/py_vislib/settings/base.py
@@ -29,7 +29,7 @@ ALLOWED_HOSTS = ['*']
 # 跨域
 # CORS_ORIGIN_ALLOW_ALL = True
-# SESSION_COOKIE_SAMESITE = None
+# SESSION_COOKIE_SAMESITE = 'strict'
 # SESSION_COOKIE_SECURE = True
 # Application definition
diff --git a/vislib/middleware.py b/vislib/middleware.py
index a1cfd9c..f746a25 100644
--- a/vislib/middleware.py
+++ b/vislib/middleware.py
@@ -4,7 +4,7 @@ from django.utils.deprecation import MiddlewareMixin
 class SameSiteMiddleware(MiddlewareMixin):
 def process_response(self, request, response):
 if 'sessionid' in response.cookies:
- response.cookies['sessionid']['samesite'] = 'None'
+ response.cookies['sessionid']['samesite'] = 'Strict'
 if 'csrftoken' in response.cookies:
- response.cookies['csrftoken']['samesite'] = 'None'
+ response.cookies['csrftoken']['samesite'] = 'Strict'
 return response
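Review bot: Both `SESSION_COOKIE_SAMESITE` and `SESSION_COOKIE_SECURE` are still commented out after this change, so the base.py hunk has no runtime effect. The commit subject mentions "secure", yet nothing visible in either hunk sets the Secure attribute; the middleware.py hunk only assigns `samesite`. Unless another settings module enables it, the session and CSRF cookies can still be sent over plain HTTP. If the site is served over HTTPS, uncomment these as `SESSION_COOKIE_SAMESITE = 'Strict'` and `SESSION_COOKIE_SECURE = True`, and add `CSRF_COOKIE_SECURE = True`. Using the capitalised `'Strict'` here would also match the value written in the middleware.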
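Review bot: The cookie names `'sessionid'` and `'csrftoken'` are hard-coded in `process_response`, so the override silently stops applying if a deployment changes `SESSION_COOKIE_NAME` or `CSRF_COOKIE_NAME`. Reading the names from `django.conf.settings` would keep the check aligned with the configuration, e.g. `if settings.SESSION_COOKIE_NAME in response.cookies:`. On Django versions that provide the `SESSION_COOKIE_SAMESITE` and `CSRF_COOKIE_SAMESITE` settings, the same result is available without a custom middleware. The switch from `'None'` to `'Strict'` also means these cookies are no longer sent on requests initiated from other sites, including followed links. A short comment such as `# Strict: cookies are withheld on all cross-site requests; cross-origin front ends will not be authenticated` would record that this is intended.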