From 0f407431e21de3d698b0ebad21f65e4fa776a3e7 Mon Sep 17 00:00:00 2001
From: Muhammad Haseeb
Date: Thu, 18 Mar 2021 18:10:42 +0500
Subject: [PATCH] Added django samesite package (#75)
---
 ecommerce/settings/base.py | 6 ++++++
 ecommerce/settings/production.py | 3 +++
 requirements/base.txt | 1 +
 requirements/dev.txt | 1 +
 requirements/production.txt | 1 +
 requirements/test.txt | 1 +
 6 files changed, 13 insertions(+)
diff --git a/ecommerce/settings/base.py b/ecommerce/settings/base.py
index 2ae8efb9944..21dfab3d67d 100644
--- a/ecommerce/settings/base.py
+++ b/ecommerce/settings/base.py
@@ -295,6 +295,9 @@
 # See: https://docs.djangoproject.com/en/1.11/ref/settings/#middleware
 MIDDLEWARE = (
     'ecommerce.extensions.edly_ecommerce_app.middleware.SettingsOverrideMiddleware',
+    # Avoid issue with https://blog.heroku.com/chrome-changes-samesite-cookie
+    # Override was found here https://github.com/django/django/pull/11894
+    'django_cookies_samesite.middleware.CookiesSameSite',
     'corsheaders.middleware.CorsMiddleware',
     'edx_django_utils.cache.middleware.RequestCacheMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
@@ -907,3 +910,6 @@
     'OSCAR_FROM_EMAIL', 'SESSION_COOKIE_DOMAIN', 'LANGUAGE_CODE', 'EDLY_WORDPRESS_URL', 'FRONTEND_LOGOUT_URL', 'PAYMENT_PROCESSOR_CONFIG',
 ]
+
+DCS_SESSION_COOKIE_SAMESITE = 'None'
+DCS_SESSION_COOKIE_SAMESITE_FORCE_ALL = True
diff --git a/ecommerce/settings/production.py b/ecommerce/settings/production.py
index 4bad34a33e2..d59712f1acc 100644
--- a/ecommerce/settings/production.py
+++ b/ecommerce/settings/production.py
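Review bot: The new `'django_cookies_samesite.middleware.CookiesSameSite'` entry is placed near the top of MIDDLEWARE without saying that its position is load-bearing: response middleware runs in reverse order, so it only gets to rewrite the session and CSRF cookies if it is listed above SessionMiddleware (visible below it) and CsrfViewMiddleware (presumably further down, outside the hunk). The two comment lines above it only link to external pages, which will not survive link rot; I'd replace the second line with `# Must stay above SessionMiddleware/CsrfViewMiddleware: it rewrites their Set-Cookie headers on the response pass.` The MIDDLEWARE tuple continues past the end of the hunk.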
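Review bot: `DCS_SESSION_COOKIE_SAMESITE = 'None'` together with `DCS_SESSION_COOKIE_SAMESITE_FORCE_ALL = True` in base.py strips SameSite isolation from every cookie the application sets, in every environment that inherits this file, not just the session/CSRF cookies the linked Heroku post is about. Browsers only honour SameSite=None when Secure is also present, so unless the middleware adds it or SESSION_COOKIE_SECURE/CSRF_COOKIE_SECURE are already True (neither is visible here), the rewritten cookies are dropped on plain-HTTP dev hosts and the setting silently does nothing there. SameSite=None also removes the browser-side CSRF backstop, so any `csrf_exempt` view or state-changing GET becomes reachable cross-site with the victim's session. I'd make the base default `DCS_SESSION_COOKIE_SAMESITE = 'Lax'` and `DCS_SESSION_COOKIE_SAMESITE_FORCE_ALL = False`, and opt into `'None'` only in the environment that actually needs cross-site embedding, with a comment naming which cookies require it.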
@@ -143,3 +143,6 @@ def get_env_setting(setting):
 # Edly configuration
 EDLY_COOKIE_SECRET_KEY = config_from_yaml.get('EDLY_COOKIE_SECRET_KEY', EDLY_COOKIE_SECRET_KEY)
+
+DCS_SESSION_COOKIE_SAMESITE = config_from_yaml.get('DCS_SESSION_COOKIE_SAMESITE', DCS_SESSION_COOKIE_SAMESITE)
+DCS_SESSION_COOKIE_SAMESITE_FORCE_ALL = config_from_yaml.get('DCS_SESSION_COOKIE_SAMESITE_FORCE_ALL', DCS_SESSION_COOKIE_SAMESITE_FORCE_ALL)
diff --git a/requirements/base.txt b/requirements/base.txt
index b34f23b1551..7c17a8d0637 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -26,6 +26,7 @@ cssutils==1.0.2 # via premailer
 defusedxml==0.6.0 # via python3-openid, social-auth-core, zeep
 git+https://github.com/django-compressor/django-appconf.git@5169ce2c92d9836e0b3ab3ec645727d9d5225d1a#egg=django-appconf # via -r requirements/base.in, django-compressor
 django-compressor==2.4 # via -r requirements/base.in, django-libsass
+django-cookies-samesite==0.5.1
 django-cors-headers==3.2.1 # via -r requirements/base.in
 django-crispy-forms==1.8.1 # via -r requirements/base.in
 django-crum==0.7.6 # via edx-rbac
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 26955d782f5..ea05f014999 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -33,6 +33,7 @@ defusedxml==0.6.0 # via -r requirements/test.txt, python3-openid, social
 diff-cover==2.6.1 # via -r requirements/test.txt
 git+https://github.com/django-compressor/django-appconf.git@5169ce2c92d9836e0b3ab3ec645727d9d5225d1a#egg=django-appconf # via -r requirements/test.txt, django-compressor
 django-compressor==2.4 # via -r requirements/test.txt, django-libsass
+django-cookies-samesite==0.5.1
 django-cors-headers==3.2.1 # via -r requirements/test.txt
 django-crispy-forms==1.8.1 # via -r requirements/test.txt
 django-crum==0.7.6 # via -r requirements/test.txt, edx-rbac
diff --git a/requirements/production.txt b/requirements/production.txt
index 2f83499cb88..1707aad8e58 100644
--- a/requirements/production.txt
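Review bot: Both new `config_from_yaml.get(...)` lookups fall back to whatever base.py set, so a production deployment whose YAML omits these keys silently inherits the development default rather than a value chosen for production; since this is the production profile it should carry its own explicit fallback, e.g. `config_from_yaml.get('DCS_SESSION_COOKIE_SAMESITE', 'Lax')` and `config_from_yaml.get('DCS_SESSION_COOKIE_SAMESITE_FORCE_ALL', False)`. The values are also used unvalidated: if the loader yields native YAML types this is fine, but if a value arrives as a string, `'false'` for FORCE_ALL is truthy and a misspelt SameSite value is passed straight through to the middleware. A one-line guard such as `assert DCS_SESSION_COOKIE_SAMESITE in ('Lax', 'Strict', 'None')` next to these lines would make a bad deploy fail at startup instead of at the browser.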
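Review bot: `django-cookies-samesite==0.5.1` is the only line in this hunk without a `# via` annotation, which suggests it was added by hand to the pip-compile output instead of being declared in requirements/base.in; the next regeneration of the compiled files will drop it and the middleware import in settings will fail at startup. Declare it in base.in (`django-cookies-samesite`) and let the four compiled files pick it up with their annotations. Since this package rewrites every Set-Cookie header on every response, the pin is worth a deliberate review of that version; note that Django's own `SESSION_COOKIE_SAMESITE`/`CSRF_COOKIE_SAMESITE` accept `'None'` from 3.1 onward (the Django PR the settings comment cites), so if the project's Django is upgraded this dependency can be removed.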
+++ b/requirements/production.txt
@@ -27,6 +27,7 @@ cssutils==1.0.2 # via premailer
 defusedxml==0.6.0 # via python3-openid, social-auth-core, zeep
 git+https://github.com/django-compressor/django-appconf.git@5169ce2c92d9836e0b3ab3ec645727d9d5225d1a#egg=django-appconf # via -r requirements/base.in, django-compressor
 django-compressor==2.4 # via -r requirements/base.in, django-libsass
+django-cookies-samesite==0.5.1
 django-cors-headers==3.2.1 # via -r requirements/base.in
 django-crispy-forms==1.8.1 # via -r requirements/base.in
 django-crum==0.7.6 # via edx-rbac
diff --git a/requirements/test.txt b/requirements/test.txt
index 50ab01ba524..74ae05a6be7 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -32,6 +32,7 @@ defusedxml==0.6.0 # via -r requirements/base.txt, python3-openid, social
 diff-cover==2.6.1 # via -r requirements/test.in
 git+https://github.com/django-compressor/django-appconf.git@5169ce2c92d9836e0b3ab3ec645727d9d5225d1a#egg=django-appconf # via -r requirements/base.txt, django-compressor
 django-compressor==2.4 # via -r requirements/base.txt, django-libsass
+django-cookies-samesite==0.5.1
 django-cors-headers==3.2.1 # via -r requirements/base.txt
 django-crispy-forms==1.8.1 # via -r requirements/base.txt
 django-crum==0.7.6 # via -r requirements/base.txt, edx-rbac