set CSRF_COOKIE_SAMESITE to None (#49283)
parent
446788ece6
commit
cd54c56f8c
|
@ -266,6 +266,8 @@ CSRF_COOKIE_HTTPONLY = True
|
|||
SESSION_COOKIE_SECURE = True
|
||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
|
||||
SESSION_COOKIE_AGE = 36000 # 10h
|
||||
|
||||
CSRF_COOKIE_SAMESITE = None
|
||||
# Apply sessionNotOnOrAfter on session expiration date
|
||||
SESSION_ENGINE = 'mellon.sessions_backends.cached_db'
|
||||
|
||||
|
|
|
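Review bot: `CSRF_COOKIE_SAMESITE = None` needs a comment. In Django versions that implement this setting, a Python `None` means "emit no SameSite attribute", whereas here the middleware changed in this same commit rewrites any falsy value to an explicit `SameSite=None`. I would put `# Falsy on purpose: CookiesSameSiteFixMiddleware turns this into an explicit SameSite=None so the CSRF cookie is sent on cross-site requests.` above the line. Browsers accept `SameSite=None` only on cookies that also carry `Secure`; `SESSION_COOKIE_SECURE = True` is visible but `CSRF_COOKIE_SECURE` is not within this hunk, so confirm it is set. With this value the browser no longer withholds the cookie on cross-site requests, so CSRF defence rests on the token check alone.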
@ -27,9 +27,8 @@ class CookiesSameSiteFixMiddleware(MiddlewareMixin):
|
|||
# this can be removed once django 2.2 is used and settings.
|
||||
# CSRF_COOKIE_SAMESITE & SESSION_COOKIE_SAMESITE can be used.
|
||||
if settings.CSRF_COOKIE_NAME in response.cookies:
|
||||
response.cookies[settings.CSRF_COOKIE_NAME]['samesite'] = (
|
||||
getattr(settings, 'CSRF_COOKIE_SAMESITE', 'None').title()
|
||||
)
|
||||
same_site = settings.CSRF_COOKIE_SAMESITE or 'None'
|
||||
response.cookies[settings.CSRF_COOKIE_NAME]['samesite'] = same_site.title()
|
||||
if settings.SESSION_COOKIE_NAME in response.cookies:
|
||||
response.cookies[settings.SESSION_COOKIE_NAME]['samesite'] = 'None'
|
||||
return response
|
||||
|
|
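Review bot: The new `same_site = settings.CSRF_COOKIE_SAMESITE or 'None'` drops the `getattr` default that the removed lines had. The comment at the top of this block implies the code still runs on a Django that predates the setting; if so, any deployment whose settings module does not define it would raise `AttributeError` on every response carrying the CSRF cookie. Keeping the lookup tolerant costs nothing: `same_site = getattr(settings, 'CSRF_COOKIE_SAMESITE', None) or 'None'`. The next branch still hard-codes `'None'` for the session cookie and ignores any `SESSION_COOKIE_SAMESITE`, which deserves a one-line comment saying it is intentional. The enclosing method starts outside the hunk.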