fix: cookie same site and secure

py_vislib/settings/base.py

@@ -29,7 +29,7 @@ ALLOWED_HOSTS = ['*']
 
 # 跨域
 # CORS_ORIGIN_ALLOW_ALL = True
-# SESSION_COOKIE_SAMESITE = None
+# SESSION_COOKIE_SAMESITE = 'strict'
 # SESSION_COOKIE_SECURE = True
 # Application definition
 

vislib/middleware.py

@@ -4,7 +4,7 @@ from django.utils.deprecation import MiddlewareMixin
 class SameSiteMiddleware(MiddlewareMixin):
     def process_response(self, request, response):
         if 'sessionid' in response.cookies:
-            response.cookies['sessionid']['samesite'] = 'None'
+            response.cookies['sessionid']['samesite'] = 'Strict'
         if 'csrftoken' in response.cookies:
-            response.cookies['csrftoken']['samesite'] = 'None'
+            response.cookies['csrftoken']['samesite'] = 'Strict'
         return response