Set SESSION_COOKIE_SAMESITE=Lax for devstack_docker environment by default to allow login to LMS service. This is a fix for devstack_docker default value set to Lax for DCS_SESSION_COOKIE_SAMESITE. It was defaulting to SameSite=None which requires a secure site which localhost site does not by default. Setting this SameSite cookie attribute to something other than None will continue to allow login to the LMS for devstack_docker environment. Regards to #23671 and https://discuss.openedx.org/t/lti-xblock-and-samesite/759/16

Set `SESSION_COOKIE_SAMESITE=Lax` for `devstack_docker` environment by default to allow login to LMS service. This is a fix for `devstack_docker` default value set to `Lax` for `DCS_SESSION_COOKIE_SAMESITE`. It was defaulting to `SameSite=None` which requires a secure site which `localhost` site does not by default. Setting this `SameSite` cookie attribute to something other than `None` will continue to allow login to the LMS for `devstack_docker` environment. Regards to #23671 and https://discuss.openedx.org/t/lti-xblock-and-samesite/759/16
2020-07-30 12:29:43 -04:00
parent 8cfb6e6256
commit 7da15d108e
1 changed files with 6 additions and 0 deletions
--- a/lms/envs/devstack.py
+++ b/lms/envs/devstack.py
@@ -395,6 +395,12 @@ if FEATURES.get('ENABLE_ENTERPRISE_INTEGRATION'):
 # List of enterprise customer uuids to exclude from transition to use of enterprise-catalog
 ENTERPRISE_CUSTOMERS_EXCLUDED_FROM_CATALOG = ()

+#####################################################################
+
+# django-session-cookie middleware
+DCS_SESSION_COOKIE_SAMESITE = 'Lax'
+DCS_SESSION_COOKIE_SAMESITE_FORCE_ALL = True
+
 #####################################################################
 # See if the developer has any local overrides.
 if os.path.isfile(join(dirname(abspath(__file__)), 'private.py')):