Rollout to production

config/api_example_config.py

@@ -8,6 +8,17 @@ API_SERVER_NAME = "dev"
 # Must include the last /
 FILE_PATH_PREFIX = "https://video.fsmpi.rwth-aachen.de/files/"
 
+# Used for all cookies
+# While the frontend and api are on different subdomains, that still counts as 'same-site'
+COOKIES_SAMESITE = "strict"
+COOKIES_SECURE = False
+COOKIES_DOMAIN = ""
+
+# These are flask's options for the session cookie
+SESSION_COOKIE_SAMESITE = COOKIES_SAMESITE
+SESSION_COOKIE_SECURE = COOKIES_SECURE
+SESSION_COOKIE_DOMAIN = COOKIES_DOMAIN
+
 # Used by flask to sign the cookies
 SECRET_KEY = "something random"