Both CSRF_COOKIE_SAMESITE and SESSION_COOKIE_SAMESITE should be Optional (#216)

django-stubs/conf/global_settings.pyi

@@ -345,7 +345,7 @@ SESSION_COOKIE_PATH = "/"
 SESSION_COOKIE_HTTPONLY = True
 # Whether to set the flag restricting cookie leaks on cross-site requests.
 # This can be 'Lax', 'Strict', or None to disable the flag.
-SESSION_COOKIE_SAMESITE = "Lax"
+SESSION_COOKIE_SAMESITE: Optional[str] = ...
 # Whether to save the session data on every request.
 SESSION_SAVE_EVERY_REQUEST = False
 # Whether a user's session cookie expires when the Web browser is closed.
@@ -413,7 +413,7 @@ CSRF_COOKIE_DOMAIN = None
 CSRF_COOKIE_PATH = "/"
 CSRF_COOKIE_SECURE = False
 CSRF_COOKIE_HTTPONLY = False
-CSRF_COOKIE_SAMESITE = "Lax"
+CSRF_COOKIE_SAMESITE: Optional[str] = ...
 CSRF_HEADER_NAME = "HTTP_X_CSRFTOKEN"
 CSRF_TRUSTED_ORIGINS: List[str] = ...
 CSRF_USE_SESSIONS = False