add SameSite and Secure attribute to cookie

[therealadityashankar]

got this warning on Firefox

[gaborfeher]

What version of flask-seasurf are you using?

I am just another user of this package, but if I understand correctly, the latest released version (0.2.2) does not support setting the SameSite attribute. However, you can try using the HEAD commit from this repo (i.e. the latest unreleased version), which is better in this respect. There the default is SameSite=Lax and you can override it using the CSRF_COOKIE_SAMESITE flask config variable. One way to install the current HEAD version is adding the following line into your requirements.txt:

git+git://github.com/maxcountryman/flask-seasurf@4dedf270bba7caf3dbbc1d74bc11b8b22e1a4f78#egg=flask-seasurf

[therealadityashankar]

thanks for the reply !
I can't use non-production ready (and production deployed) packages for my use case tbh,
I hope the latest version gets updated, but looking that the last package update was over a year back probably not

[gaborfeher]

See also #75

[alanhamlett]

Released v1.0.0 today.