Added django samesite package (#75)

ecommerce/settings/base.py

@@ -295,6 +295,9 @@
 # See: https://docs.djangoproject.com/en/1.11/ref/settings/#middleware
 MIDDLEWARE = (
     'ecommerce.extensions.edly_ecommerce_app.middleware.SettingsOverrideMiddleware',
+    # Avoid issue with https://blog.heroku.com/chrome-changes-samesite-cookie
+    # Override was found here https://github.com/django/django/pull/11894
+    'django_cookies_samesite.middleware.CookiesSameSite',
     'corsheaders.middleware.CorsMiddleware',
     'edx_django_utils.cache.middleware.RequestCacheMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
@@ -907,3 +910,6 @@
     'OSCAR_FROM_EMAIL', 'SESSION_COOKIE_DOMAIN', 'LANGUAGE_CODE',
     'EDLY_WORDPRESS_URL', 'FRONTEND_LOGOUT_URL', 'PAYMENT_PROCESSOR_CONFIG',
 ]
+
+DCS_SESSION_COOKIE_SAMESITE = 'None'
+DCS_SESSION_COOKIE_SAMESITE_FORCE_ALL = True

ecommerce/settings/production.py

@@ -143,3 +143,6 @@ def get_env_setting(setting):
 
 # Edly configuration
 EDLY_COOKIE_SECRET_KEY = config_from_yaml.get('EDLY_COOKIE_SECRET_KEY', EDLY_COOKIE_SECRET_KEY)
+
+DCS_SESSION_COOKIE_SAMESITE = config_from_yaml.get('DCS_SESSION_COOKIE_SAMESITE', DCS_SESSION_COOKIE_SAMESITE)
+DCS_SESSION_COOKIE_SAMESITE_FORCE_ALL = config_from_yaml.get('DCS_SESSION_COOKIE_SAMESITE_FORCE_ALL', DCS_SESSION_COOKIE_SAMESITE_FORCE_ALL)

requirements/base.txt

@@ -26,6 +26,7 @@ cssutils==1.0.2           # via premailer
 defusedxml==0.6.0         # via python3-openid, social-auth-core, zeep
 git+https://github.com/django-compressor/django-appconf.git@5169ce2c92d9836e0b3ab3ec645727d9d5225d1a#egg=django-appconf  # via -r requirements/base.in, django-compressor
 django-compressor==2.4    # via -r requirements/base.in, django-libsass
+django-cookies-samesite==0.5.1
 django-cors-headers==3.2.1  # via -r requirements/base.in
 django-crispy-forms==1.8.1  # via -r requirements/base.in
 django-crum==0.7.6        # via edx-rbac

requirements/dev.txt

@@ -33,6 +33,7 @@ defusedxml==0.6.0         # via -r requirements/test.txt, python3-openid, social
 diff-cover==2.6.1         # via -r requirements/test.txt
 git+https://github.com/django-compressor/django-appconf.git@5169ce2c92d9836e0b3ab3ec645727d9d5225d1a#egg=django-appconf  # via -r requirements/test.txt, django-compressor
 django-compressor==2.4    # via -r requirements/test.txt, django-libsass
+django-cookies-samesite==0.5.1
 django-cors-headers==3.2.1  # via -r requirements/test.txt
 django-crispy-forms==1.8.1  # via -r requirements/test.txt
 django-crum==0.7.6        # via -r requirements/test.txt, edx-rbac

requirements/production.txt

@@ -27,6 +27,7 @@ cssutils==1.0.2           # via premailer
 defusedxml==0.6.0         # via python3-openid, social-auth-core, zeep
 git+https://github.com/django-compressor/django-appconf.git@5169ce2c92d9836e0b3ab3ec645727d9d5225d1a#egg=django-appconf  # via -r requirements/base.in, django-compressor
 django-compressor==2.4    # via -r requirements/base.in, django-libsass
+django-cookies-samesite==0.5.1
 django-cors-headers==3.2.1  # via -r requirements/base.in
 django-crispy-forms==1.8.1  # via -r requirements/base.in
 django-crum==0.7.6        # via edx-rbac

requirements/test.txt

@@ -32,6 +32,7 @@ defusedxml==0.6.0         # via -r requirements/base.txt, python3-openid, social
 diff-cover==2.6.1         # via -r requirements/test.in
 git+https://github.com/django-compressor/django-appconf.git@5169ce2c92d9836e0b3ab3ec645727d9d5225d1a#egg=django-appconf  # via -r requirements/base.txt, django-compressor
 django-compressor==2.4    # via -r requirements/base.txt, django-libsass
+django-cookies-samesite==0.5.1
 django-cors-headers==3.2.1  # via -r requirements/base.txt
 django-crispy-forms==1.8.1  # via -r requirements/base.txt
 django-crum==0.7.6        # via -r requirements/base.txt, edx-rbac