diff options
author | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-07-16 09:30:15 +0200 |
---|---|---|
committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-07-16 09:35:35 +0200 |
commit | f1a6e6c817f3205ea7da6f973f51524ff630dda5 (patch) | |
tree | 0c68c7a7ddcea7000cb2f83f636397f3ac7d7b0b /django/contrib/sessions | |
parent | 6f09ee2be3c0ce07b096af7ac63b64ee7cfc23cf (diff) | |
download | django-f1a6e6c817f3205ea7da6f973f51524ff630dda5.tar.gz |
[2.2.x] Fixed #31790 -- Fixed setting SameSite cookies flag in HttpResponse.delete_cookie().
Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.
This affects sessions and messages cookies.
Backport of 331324ecce1330dce3dbd1713203cb9a42854ad7 from stable/3.0.x
Diffstat (limited to 'django/contrib/sessions')
-rw-r--r-- | django/contrib/sessions/middleware.py | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/django/contrib/sessions/middleware.py b/django/contrib/sessions/middleware.py index 6795354cc5..a464b44245 100644 --- a/django/contrib/sessions/middleware.py +++ b/django/contrib/sessions/middleware.py @@ -39,6 +39,7 @@ class SessionMiddleware(MiddlewareMixin): settings.SESSION_COOKIE_NAME, path=settings.SESSION_COOKIE_PATH, domain=settings.SESSION_COOKIE_DOMAIN, + samesite=settings.SESSION_COOKIE_SAMESITE, ) else: if accessed: |