middleware: define setting for CSRF cookie SameSite value (#48767)
parent
44ed90ad84
commit
17ee1bf6d5
|
@ -27,7 +27,9 @@ class CookiesSameSiteFixMiddleware(MiddlewareMixin):
|
|||
# this can be removed once django 2.2 is used and settings.
|
||||
# CSRF_COOKIE_SAMESITE & SESSION_COOKIE_SAMESITE can be used.
|
||||
if settings.CSRF_COOKIE_NAME in response.cookies:
|
||||
response.cookies[settings.CSRF_COOKIE_NAME]['samesite'] = 'None'
|
||||
response.cookies[settings.CSRF_COOKIE_NAME]['samesite'] = (
|
||||
getattr(settings, 'CSRF_COOKIE_SAMESITE', 'None').title()
|
||||
)
|
||||
if settings.SESSION_COOKIE_NAME in response.cookies:
|
||||
response.cookies[settings.SESSION_COOKIE_NAME]['samesite'] = 'None'
|
||||
return response
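Review bot: `.title()` is called on whatever `CSRF_COOKIE_SAMESITE` holds, so a non-string value such as `None` or `False` (both of which Django has accepted for this setting in some releases) would raise `AttributeError` on every response carrying the CSRF cookie, and any other string is written into the cookie attribute unchecked. Consider normalising and validating before the assignment, e.g. `samesite = str(getattr(settings, 'CSRF_COOKIE_SAMESITE', None) or 'None').title()` followed by `if samesite not in ('Strict', 'Lax', 'None'): raise ImproperlyConfigured('invalid CSRF_COOKIE_SAMESITE')` (from `django.core.exceptions`). On a Django version whose global settings already define `CSRF_COOKIE_SAMESITE`, the `'None'` fallback passed to `getattr` would presumably never apply, so the emitted value could change on upgrade without any project setting being touched. Browsers also drop `SameSite=None` cookies that are not marked `Secure`; the method starts outside this hunk, so whether `secure` is set alongside it cannot be confirmed from here.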
|
||||
|
|
|
@ -8,6 +8,8 @@ def helloworld(request):
|
|||
logging.getLogger(__name__).error('wat!')
|
||||
if 'raise' in request.GET:
|
||||
raise Exception('wat!')
|
||||
request.META['CSRF_COOKIE_USED'] = True
|
||||
request.META['CSRF_COOKIE'] = 'xxx'
|
||||
return HttpResponse('Hello world %s' % request.META['REMOTE_ADDR'])
|
||||
|
||||
urlpatterns = [
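Review bot: The two `request.META['CSRF_COOKIE_USED']` / `request.META['CSRF_COOKIE']` assignments in `helloworld` write private bookkeeping keys of Django's CSRF middleware with no comment, and `'xxx'` is not a well-formed token. These keys are undocumented and may be renamed between Django releases, in which case the view would silently stop emitting the cookie and the SameSite test would fail for an unrelated reason. Calling the public helper instead, `get_token(request)` from `django.middleware.csrf`, should force the cookie to be set without touching internals; at minimum add a comment such as `# force CsrfViewMiddleware to emit the CSRF cookie so the SameSite test can inspect it`.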
|
||||
|
|
|
@ -30,3 +30,12 @@ def test_internalipmiddleware(app, tenants, settings):
|
|||
response = app.get('/?raise', status=500, extra_environ={'HTTP_HOST': tenants[0].domain_url})
|
||||
assert 'You\'re seeing this error because you have' in response.text
|
||||
|
||||
|
||||
def test_samesite_middleware(app, tenants, settings):
|
||||
settings.ALLOWED_HOSTS = [tenants[0].domain_url]
|
||||
response = app.get('/', extra_environ={'HTTP_HOST': tenants[0].domain_url})
|
||||
assert 'SameSite=None' in str(response)
|
||||
app.cookiejar.clear()
|
||||
settings.CSRF_COOKIE_SAMESITE = 'lax'
|
||||
response = app.get('/', extra_environ={'HTTP_HOST': tenants[0].domain_url})
|
||||
assert 'SameSite=Lax' in str(response)
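Review bot: Both assertions in `test_samesite_middleware` search the whole `str(response)`, so they pass if any cookie carries the attribute and do not prove that the CSRF cookie is the one affected; the session cookie is still hard-coded to `SameSite=None` by the middleware. Selecting the CSRF cookie header first would pin the behaviour, e.g. `csrf = [c for c in response.headers.getall('Set-Cookie') if c.startswith(settings.CSRF_COOKIE_NAME + '=')]` and then `assert 'SameSite=Lax' in csrf[0]`. A case for a non-string or unrecognised setting value is also missing, which is where the new `.title()` call in the middleware is most likely to misbehave.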
|
||||
|
|