From de311500378bd6ff57d45dba9745808ee5a4831f Mon Sep 17 00:00:00 2001
From: Teddy Middleton-Smith
Date: Fri, 11 Jul 2025 17:35:06 +0100
Subject: [PATCH] Fix(Authentication): Fix error causing cookie from Auth0 for login callback method to be blocked by samesite configuration.
---
 config.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/config.py b/config.py
index ec88ee6..d89dbc9 100644
--- a/config.py
+++ b/config.py
@@ -37,9 +37,9 @@ class Config:
 'pool_timeout': 30,
 }
 # Auth0
- SESSION_COOKIE_SECURE = False
+ SESSION_COOKIE_SECURE = True # depends on is_producction
 SESSION_COOKIE_HTTPONLY = True
- SESSION_COOKIE_SAMESITE = 'None'
+ SESSION_COOKIE_SAMESITE = 'None' # depends on is_producction
 REMEMBER_COOKIE_SECURE = True
 WTF_CSRF_ENABLED = True
 # WTF_CSRF_CHECK_DEFAULT = False # We'll check it manually for API routes
@@ -95,6 +95,7 @@ class DevelopmentConfig(Config):
 DEBUG = True
 MAIL_DEBUG = True
 SESSION_COOKIE_SECURE = False
+ SESSION_COOKIE_SAMESITE = 'Lax' # depends on is_producction
 class ProductionConfig(Config):
 is_production = True
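Review bot: `SESSION_COOKIE_SAMESITE = 'None'` in the base `Config` means the session cookie is sent on every cross-site request, so every config that inherits it loses the browser-side CSRF defence and `WTF_CSRF_ENABLED` becomes the only protection for state-changing routes. If the Auth0 callback is a top-level GET redirect, `'Lax'` should be enough, and it is what the development override already uses. `'None'` is only needed when the provider posts back to the app cross-site, which this hunk does not show. Either way the trailing comment should give the real reason, e.g. `# SameSite=None requires Secure; needed for the cross-site Auth0 callback`, because `# depends on is_producction` is misspelled and nothing on these lines reads `is_production` (the same comment recurs in the `DevelopmentConfig` hunk). The `Config` class body starts and ends outside the hunk.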
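Review bot: With `SESSION_COOKIE_SAMESITE = 'Lax'` here and `'None'` in the base class, the login callback runs under different cookie rules in development than in production. A callback that really needs `'None'` cannot be exercised locally, and one that works under `'Lax'` suggests production does not need `'None'` either. `REMEMBER_COOKIE_SECURE = True` is still inherited from `Config` while `SESSION_COOKIE_SECURE = False` is overridden, so over plain HTTP the browser may reject the remember cookie unless the part of `DevelopmentConfig` outside this hunk overrides it. I would replace the trailing comment with one that states the intent, e.g. `# plain-HTTP dev server: SameSite=None would require Secure`.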