change default samesite from lax -> None

IndominusByte · IndominusByte · commit 3cc9124fbc29 · 2020-10-24T18:22:55.000+08:00
diff --git a/fastapi_jwt_auth/auth_config.py b/fastapi_jwt_auth/auth_config.py
@@ -34,7 +34,7 @@ class AuthConfig:
     _cookie_max_age = None
     _cookie_domain = None
     _cookie_secure = False
-    _cookie_samesite = "lax"
+    _cookie_samesite = None
 
     # option for double submit csrf protection
     _cookie_csrf_protect = True
diff --git a/fastapi_jwt_auth/config.py b/fastapi_jwt_auth/config.py
@@ -33,7 +33,7 @@ class LoadConfig(BaseModel):
     authjwt_cookie_max_age: Optional[StrictInt] = None
     authjwt_cookie_domain: Optional[StrictStr] = None
     authjwt_cookie_secure: Optional[StrictBool] = False
-    authjwt_cookie_samesite: Optional[StrictStr] = "lax"
+    authjwt_cookie_samesite: Optional[StrictStr] = None
     # option for double submit csrf protection
     authjwt_cookie_csrf_protect: Optional[StrictBool] = True
     authjwt_access_csrf_cookie_key: Optional[StrictStr] = "csrf_access_token"
diff --git a/tests/test_config.py b/tests/test_config.py
@@ -50,7 +50,7 @@ def test_default_config():
     assert AuthJWT._cookie_max_age is None
     assert AuthJWT._cookie_domain is None
     assert AuthJWT._cookie_secure is False
-    assert AuthJWT._cookie_samesite == "lax"
+    assert AuthJWT._cookie_samesite is None
     # option for double submit csrf protection
     assert AuthJWT._cookie_csrf_protect is True
     assert AuthJWT._access_csrf_cookie_key == "csrf_access_token"
