0001-middleware-transform-cookies-to-have-SameSite-None-4.patch

Frédéric Péters, 01 août 2020 19:38

Voir les différences: en ligne côte à côte

Subject: [PATCH] middleware: transform cookies to have SameSite=None (#45667)

 debian/debian_config_common.py      |  2 ++
 hobo/middleware/__init__.py         |  1 +
 hobo/middleware/cookies_samesite.py | 42 +++++++++++++++++++++++++++++
 3 files changed, 45 insertions(+)
 create mode 100644 hobo/middleware/cookies_samesite.py

         if 'MIDDLEWARE_CLASSES' in globals():
             MIDDLEWARE_CLASSES = (
                 'hobo.multitenant.middleware.TenantMiddleware',
                 'hobo.middleware.CookiesSameSiteFixMiddleware',
             ) + MIDDLEWARE_CLASSES
         else:
             MIDDLEWARE = (
                 'hobo.multitenant.middleware.TenantMiddleware',
                 'hobo.middleware.CookiesSameSiteFixMiddleware',
             ) + MIDDLEWARE
         DATABASES = {

hobo/middleware/__init__.py
1	1	from .version import VersionMiddleware
	2	from .cookies_samesite import CookiesSameSiteFixMiddleware
2	3	from .cors import CORSMiddleware
3	4	from .seo import RobotsTxtMiddleware
4	5	from .stats import PrometheusStatsMiddleware

     # hobo - portal to configure and deploy applications
     # Copyright (C) 2015-2020  Entr'ouvert
+    #
     # This program is free software: you can redistribute it and/or modify it
     # under the terms of the GNU Affero General Public License as published
     # by the Free Software Foundation, either version 3 of the License, or
     # (at your option) any later version.
+    #
     # This program is distributed in the hope that it will be useful,
     # but WITHOUT ANY WARRANTY; without even the implied warranty of
     # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     # GNU Affero General Public License for more details.
+    #
     # You should have received a copy of the GNU Affero General Public License
     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     from django.conf import settings
     from django.utils import six
     from django.utils.deprecation import MiddlewareMixin
     class CookiesSameSiteFixMiddleware(MiddlewareMixin):
         def process_response(self, request, response):
             # adjust CSRF and session cookies to mark them with SameSite=None
             # as required by newer Chrome versions.
             # see: https://www.chromestatus.com/feature/5088147346030592
             # this can be removed once django 2.2 is used and settings.
             # CSRF_COOKIE_SAMESITE & SESSION_COOKIE_SAMESITE can be used.
             if settings.CSRF_COOKIE_NAME in response.cookies:
                 response.cookies[settings.CSRF_COOKIE_NAME]['samesite'] = 'None'
             if settings.SESSION_COOKIE_NAME in response.cookies:
                 response.cookies[settings.SESSION_COOKIE_NAME]['samesite'] = 'None'
             return response
     if six.PY2:
         import Cookie
         Cookie.Morsel._reserved.setdefault('samesite', 'SameSite')
     else:
         # required for Python <3.8
         import http.cookies
         http.cookies.Morsel._reserved.setdefault('samesite', 'SameSite')
+    -

Projet

Général

Profil

Produits Entr'ouvert » Hobo

0001-middleware-transform-cookies-to-have-SameSite-None-4.patch