Make session cookie SameSite override configurable (#476)

bbezak · web-flow · commit 0c6956b7565c · 2025-12-05T13:55:59.000Z
Allow configuring SESSION_COOKIE_SAMESITE so sessions persist during cross-domain Keystone callbacks (for federated OIDC). #443 Signed-off-by: Bartosz Bezak <bartosz@stackhpc.com>
diff --git a/chart/files/api/settings/01-django.yaml b/chart/files/api/settings/01-django.yaml
@@ -4,6 +4,9 @@ CSRF_COOKIE_SECURE: {{ .Values.ingress.tls.enabled }}
 {{- with .Values.settings.csrfCookieName }}
 CSRF_COOKIE_NAME: {{ . }}
 {{- end }}
+{{- with .Values.settings.sessionCookieSameSite }}
+SESSION_COOKIE_SAMESITE: {{ . | quote }}
+{{- end }}
 SESSION_COOKIE_SECURE: {{ .Values.ingress.tls.enabled }}
 {{- with .Values.settings.sessionCookieName }}
 SESSION_COOKIE_NAME: {{ . }}
diff --git a/chart/values.yaml b/chart/values.yaml
@@ -169,6 +169,8 @@ settings:
   csrfCookieName:
   # The name of the session cookie
   sessionCookieName:
+  # The SameSite policy for the session cookie (e.g. Lax, Strict, None)
+  sessionCookieSameSite:
   # The name of the next URL cookie
   nextUrlCookieName:
   # List of curated sizes
