Fix(Auth): Flask Samesite attribute must be 'Lax' for OAuth login callback

2025-01-31 14:35:18 +00:00
parent d45c882049
commit fea029d2be
4 changed files with 31 additions and 1 deletions


@@ -40,7 +40,7 @@ class Config:
# Auth0
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_SAMESITE = 'Strict'
SESSION_COOKIE_SAMESITE = 'Lax' # 'Strict' # Strict is preferable for security, but Lax is required for OAuth functionality
REMEMBER_COOKIE_SECURE = True
# PERMANENT_SESSION_LIFETIME = 3600
WTF_CSRF_ENABLED = True
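Review bot: The trailing comment on the new `SESSION_COOKIE_SAMESITE = 'Lax'` line says Strict was given up, but not what now carries the CSRF defence, and it leaves a dead `# 'Strict'` fragment in the line. With Lax the session cookie is sent on cross-site top-level GET navigations, and Flask-WTF by default checks tokens only on POST/PUT/PATCH/DELETE, so any state-changing GET route would be exposed; whether such routes exist, or whether CSRF protection is initialised app-wide, is not visible here. I would move the rationale above the setting, for example `# Lax, not Strict: the IdP redirect back to the OAuth callback is a cross-site top-level GET and Strict would withhold the session cookie there.` followed by `# CSRF defence therefore rests on the CSRF token checks; keep state-changing routes off GET.`, and leave the assignment as plain `SESSION_COOKIE_SAMESITE = 'Lax'`. The hunk also shows `REMEMBER_COOKIE_SECURE` without a matching `REMEMBER_COOKIE_SAMESITE`; it may be set elsewhere, since `Config` continues outside the hunk, but it is worth confirming that the remember cookie gets an explicit SameSite value too.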