mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-24 05:36:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

[3.1.x] Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in HttpResponse.delete_cookie().

Browse source 
Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.

This affects sessions and messages cookies.
Backport of 240cbb63bf from master
This commit is contained in:
Mariusz Felisiak 2020-07-16 08:16:58 +02:00
parent ac699ba647
commit 3ca8cc0df1
10 changed files with 66 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

6
docs/ref/request-response.txt
View file

@ -902,7 +902,7 @@ Methods
Using ``samesite='None'`` (string) was allowed.
.. method:: HttpResponse.delete_cookie(key, path='/', domain=None)
.. method:: HttpResponse.delete_cookie(key, path='/', domain=None, samesite=None)
Deletes the cookie with the given key. Fails silently if the key doesn't
exist.
@ -911,6 +911,10 @@ Methods
values you used in ``set_cookie()`` -- otherwise the cookie may not be
deleted.
.. versionchanged:: 2.2.15
The ``samesite`` argument was added.
.. method:: HttpResponse.close()
This method is called at the end of the request directly by the WSGI