[2.2.x] Fixed #31790 -- Fixed setting SameSite cookies flag in HttpResponse.delete_cookie().

Cookies with the "SameSite" flag set to None and without the "secure" flag will be soon rejected by latest browser versions. This affects sessions and messages cookies. Backport of 331324ecce from stable/3.0.x
2025-08-03 02:23:12 +00:00 · 2020-07-16 09:30:15 +02:00 · 2020-07-16 09:30:15 +02:00 · f1a6e6c817
commit f1a6e6c817
parent 6f09ee2be3
9 changed files with 42 additions and 6 deletions
--- a/docs/ref/request-response.txt
+++ b/docs/ref/request-response.txt
@ -841,7 +841,7 @@ Methods
    you will need to remember to pass it to the corresponding
    :meth:`HttpRequest.get_signed_cookie` call.

-.. method:: HttpResponse.delete_cookie(key, path='/', domain=None)
+.. method:: HttpResponse.delete_cookie(key, path='/', domain=None, samesite=None)

    Deletes the cookie with the given key. Fails silently if the key doesn't
    exist.
@ -850,6 +850,10 @@ Methods
    values you used in ``set_cookie()`` -- otherwise the cookie may not be
    deleted.

+    .. versionchanged:: 2.2.15
+
+        The ``samesite`` argument was added.
+
 .. method:: HttpResponse.close()

    This method is called at the end of the request directly by the WSGI
--- a/docs/releases/2.2.15.txt
+++ b/docs/releases/2.2.15.txt
@ -0,0 +1,13 @@
+===========================
+Django 2.2.15 release notes
+===========================
+
+*Expected August 3, 2020*
+
+Django 2.2.15 fixes a bug in 2.2.14.
+
+Bugfixes
+========
+
+* Allowed setting the ``SameSite`` cookie flag in
+  :meth:`.HttpResponse.delete_cookie` (:ticket:`31790`).
--- a/docs/releases/index.txt
+++ b/docs/releases/index.txt
@ -25,6 +25,7 @@ versions of the documentation contain the release notes for any later releases.
 .. toctree::
   :maxdepth: 1

+   2.2.15
   2.2.14
   2.2.13
   2.2.12