🐛 Fix SameSite cookie property. (#793)

* Fix `SameSite` cookie property.

* Fix samesite value.

* Add secure=True for samesite=None

---------

Co-authored-by: wlorenzetti <[email protected]>
Co-authored-by: Raruto <[email protected]>

g3w-admin/client/views.py

@@ -216,7 +216,10 @@ def render_to_response(self, context, **response_kwargs):
 
         # Add G3W_CLIENT_COOKIE_SESSION_TOKEN cookie to response
         response = super().render_to_response(context)
-        response.set_cookie(settings.G3W_CLIENT_COOKIE_SESSION_TOKEN, secrets.token_hex(16))
+
+        # Only with https set samesite='None' for cross-site requests, i.e. for cross-site iframe
+        kwargs = {'samesite': 'None', 'secure': True} if self.request.is_secure() else {'samesite': 'Strict'}
+        response.set_cookie(settings.G3W_CLIENT_COOKIE_SESSION_TOKEN, secrets.token_hex(16), **kwargs)
 
         return response