This repository has been archived by the owner on Dec 21, 2023. It is now read-only.
Add security settings to allow the potential for iFraming this application #202
Labels
non-user-facing
An issue that will not directly affect users/users will not necessarily notice
This is going to be two steps
We need to either use CSP (or the older X-Frame-Options) with the domains that we'll be wanting to frame ourselves in
Because Chrome is changing SameSite in February we'll also need to set that to None so cookies are set
If we upgrade to Django 2.1.x+ via #198 we might be able to set this directly, though this isn't merged yet into Django 2.x.
SESSION_COOKIE_SAMESITE=#Get this setting from ENV default to None, possible values are Strict and Lax.
Otherwise we need to use the package and Middleware https://pypi.org/project/django-cookies-samesite/
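The two steps in this issue, sketched as an added example that is not code from this repository: it builds the `frame-ancestors` policy from an allow-list of framing origins and emits a session cookie with an explicit SameSite value. The `FRAME_ANCESTORS` variable name, the example origins and the cookie name and value are assumptions made for illustration.

```python
import os
import re

ORIGIN = re.compile(r"https://[a-z0-9]([a-z0-9.-]*[a-z0-9])?(:\d{1,5})?")
SAMESITE = {"strict": "Strict", "lax": "Lax", "none": "None"}


def csp_sources(raw):
    """Validate comma-separated exact https origins (no wildcard, path or query)."""
    sources = []
    for item in filter(None, map(str.strip, raw.split(","))):
        origin = item.rstrip("/").lower()
        if not ORIGIN.fullmatch(origin):
            raise ValueError(f"not a plain https origin: {item!r}")
        sources.append(origin)
    return sources


def framing_headers(raw_origins):
    """Response headers that let only the listed origins frame the app."""
    sources = csp_sources(raw_origins)
    if not sources:
        # Nothing configured: refuse framing with both the new and old header.
        return {"Content-Security-Policy": "frame-ancestors 'none'",
                "X-Frame-Options": "DENY"}
    # X-Frame-Options has no way to list several origins, so only CSP is sent.
    return {"Content-Security-Policy": "frame-ancestors 'self' " + " ".join(sources)}


def session_cookie(name, value, samesite):
    """Set-Cookie value; Secure is always set because SameSite=None needs it."""
    label = SAMESITE.get(samesite.strip().lower())
    if label is None:
        raise ValueError(f"SameSite must be Strict, Lax or None, got {samesite!r}")
    return f"{name}={value}; Path=/; HttpOnly; Secure; SameSite={label}"


def headers_from_env(env=os.environ):
    # FRAME_ANCESTORS is a hypothetical variable name; default SameSite is None.
    headers = framing_headers(env.get("FRAME_ANCESTORS", ""))
    headers["Set-Cookie"] = session_cookie(
        "sessionid", "constructed-value", env.get("SESSION_COOKIE_SAMESITE", "None"))
    return headers


if __name__ == "__main__":
    sample = {"FRAME_ANCESTORS": "https://lms.example.edu, https://portal.example.org/"}
    for key, val in headers_from_env(sample).items():
        print(f"{key}: {val}")
```

An empty allow-list fails closed to `frame-ancestors 'none'`, and a wildcard or non-https entry raises instead of being passed into the header.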