# hobo - portal to configure and deploy applications
# Copyright (C) 2015-2020 Entr'ouvert
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from django.conf import settings
from django.utils import six
from django.utils.deprecation import MiddlewareMixin
class CookiesSameSiteFixMiddleware(MiddlewareMixin):
    """Mark the CSRF and session cookies of each response as SameSite=None.

    Newer Chrome versions require an explicit SameSite=None on cookies that
    must keep being sent in cross-site contexts; see
    https://www.chromestatus.com/feature/5088147346030592

    This middleware can be dropped once django 2.2 is used, since
    settings.CSRF_COOKIE_SAMESITE and settings.SESSION_COOKIE_SAMESITE can
    then be used instead.

    Security notes:
    - With SameSite=None the browser attaches these cookies to cross-site
      requests, so the cookie attribute gives no CSRF protection at all;
      that protection rests on the CSRF token check alone.
    - NOTE(review): only the SameSite attribute is changed here, the Secure
      flag is left as the cookie was created. Browsers enforcing the change
      linked above are expected to reject SameSite=None cookies that are not
      Secure -- confirm CSRF_COOKIE_SECURE and SESSION_COOKIE_SECURE are
      enabled wherever this middleware is deployed.
    """

    def process_response(self, request, response):
        """Set samesite='None' on the CSRF and session cookies, if present.

        Only cookies already set on this response are modified; no cookie is
        created. The (mutated) response object is returned.
        """
        # Same order as the settings are consulted historically: CSRF first,
        # then session. Each name is looked up only when its turn comes.
        for setting_name in ('CSRF_COOKIE_NAME', 'SESSION_COOKIE_NAME'):
            cookie_name = getattr(settings, setting_name)
            if cookie_name in response.cookies:
                response.cookies[cookie_name]['samesite'] = 'None'
        return response
# Import-time patch: register 'samesite' as a known cookie attribute so that
# assigning morsel['samesite'] is accepted by the standard cookie module.
# _reserved is a private attribute of Morsel; setdefault() leaves an entry
# that already exists untouched, so nothing changes where the interpreter
# already knows the attribute.
if not six.PY2:
    # required for Python <3.8
    import http.cookies

    http.cookies.Morsel._reserved.setdefault('samesite', 'SameSite')
else:
    import Cookie

    Cookie.Morsel._reserved.setdefault('samesite', 'SameSite')