misc: add samesite=Lax to all set_cookie calls (#60798)
parent
a05c136ee5
commit
62d5a3e62d
|
@ -77,6 +77,7 @@ class OpenedSessionCookieMiddleware(MiddlewareMixin):
|
|||
max_age=None,
|
||||
domain=domain,
|
||||
secure=app_settings.A2_OPENED_SESSION_COOKIE_SECURE,
|
||||
samesite='Lax',
|
||||
)
|
||||
elif app_settings.A2_OPENED_SESSION_COOKIE_NAME in request.COOKIES:
|
||||
response.delete_cookie(name, domain=domain)
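Review bot: The `response.delete_cookie(name, domain=domain)` call in the `elif` branch does not carry the `samesite` attribute that the matching `set_cookie` now sets, so the expiring Set-Cookie header is sent without it. On Django versions whose `delete_cookie` accepts the argument, `response.delete_cookie(name, domain=domain, samesite='Lax')` keeps the set and delete paths consistent. The literal `'Lax'` is also hard-coded here while `secure` comes from `app_settings`, and the same literal is repeated in the CookieTestMiddleware, prepend_remember_cookie and logout hunks. A single setting or module-level constant would keep future `set_cookie` calls from drifting. The method body starts outside this hunk.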
|
||||
|
@ -258,7 +259,7 @@ class CookieTestMiddleware(MiddlewareMixin):
|
|||
def process_response(self, request, response):
|
||||
if not self.check(request):
|
||||
# set test cookie for 1 year
|
||||
response.set_cookie(self.COOKIE_NAME, '1', max_age=365 * 24 * 3600)
|
||||
response.set_cookie(self.COOKIE_NAME, '1', max_age=365 * 24 * 3600, samesite='Lax')
|
||||
return response
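Review bot: The test cookie set in `process_response` lives for one year but still has neither `secure` nor `httponly`. By contrast, the opened-session cookie takes `secure` from settings and the remember cookie sets `httponly=True`. If no client-side script reads this cookie (which cannot be told from the hunk), `httponly=True` is a cheap addition, e.g. `response.set_cookie(self.COOKIE_NAME, '1', max_age=365 * 24 * 3600, samesite='Lax', httponly=True)`. `secure` could follow the deployment's HTTPS setting. The same applies to `a2_just_logged_out` in the `logout` hunk, which is also set with only `max_age` and `samesite`.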
|
||||
|
||||
|
||||
|
|
|
@ -1302,6 +1302,7 @@ def prepend_remember_cookie(request, response, name, value, count=5):
|
|||
max_age=86400 * 365, # keep preferences for 1 year
|
||||
path=request.path,
|
||||
httponly=True,
|
||||
samesite='Lax',
|
||||
)
|
||||
|
||||
|
||||
|
|
|
@ -631,7 +631,7 @@ def logout(request, next_url=None, do_local=True, check_referer=True):
|
|||
logger.debug('Next redirection : %s', next_url)
|
||||
response = shortcuts.redirect(next_url)
|
||||
if local_logout_done:
|
||||
response.set_cookie('a2_just_logged_out', 1, max_age=60)
|
||||
response.set_cookie('a2_just_logged_out', 1, max_age=60, samesite='Lax')
|
||||
return response
|
||||
|
||||
|
||||
|
|