Merge pull request #1224 from NHSDigital/disable-secure-cookies-on-local

Allow overriding secure cookies for local development

Author: MatMoore

manage_breast_screening/config/.env.tpl

@@ -11,6 +11,9 @@ DATABASE_HOST=localhost
 LOG_QUERIES=0
 PERSONAS_ENABLED=1
 
+CSRF_COOKIE_SECURE=False
+SESSION_COOKIE_SECURE=False
+
 # Set to FQDN in deployed environments
 BASE_URL=http://localhost:8000
 

manage_breast_screening/config/settings/base.py

@@ -37,8 +37,8 @@ def list_env(key):
 ALLOWED_HOSTS = list_env("ALLOWED_HOSTS")
 CSRF_TRUSTED_ORIGINS = list_env("CSRF_TRUSTED_ORIGINS")
 
-CSRF_COOKIE_SECURE = True
-SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = boolean_env("CSRF_COOKIE_SECURE", default=True)
+SESSION_COOKIE_SECURE = boolean_env("SESSION_COOKIE_SECURE", default=True)
 # SECURE_SSL_REDIRECT is set to False because TLS termination is handled at the Azure Container Apps layer
 SECURE_SSL_REDIRECT = False