-
- Downloads
Make `SESSION_COOKIE_SAMESITE` a setting (#35021)
* Make `SESSION_COOKIE_SAMESITE` a setting Considerations here: - I didn't want to break the existing behavior, which allows the env var to be case insensitive. This required a bit of weirdness in the getter/setter - we get the *raw* value, then normalize it to a keyword, then make sure it's one of the valid options. - I'm not sure what the best practice is regarding i18n - I just went off the existing code, but I'm not entirely sure whether I need to also add translations to the `locales/*.po` files, and how I get those translations if so (err... chatGPT?). - permissions: I'm not exactly sure how we decide between the `:settings-manager` and `:admin` settings. I went with `:settings-manager` here. - I'm not sure whether the frontend has its own definitions of possible values for set-based settings, or if I need to expose that somehow? The existing tests were good, easily adapted to the new behavior, and caught the above-mentioned backwards incompatibility issue with case insensitivity.
Showing
- src/metabase/config.clj 1 addition, 14 deletionssrc/metabase/config.clj
- src/metabase/server/middleware/session.clj 38 additions, 2 deletionssrc/metabase/server/middleware/session.clj
- test/metabase/server/middleware/session_test.clj 18 additions, 19 deletionstest/metabase/server/middleware/session_test.clj
Loading
Please register or sign in to comment