0001-middleware-define-setting-for-CSRF-cookie-SameSite-v.patch
hobo/middleware/cookies_samesite.py | ||
---|---|---|
27 | 27 |
# this can be removed once django 2.2 is used and settings. |
28 | 28 |
# CSRF_COOKIE_SAMESITE & SESSION_COOKIE_SAMESITE can be used. |
29 | 29 |
if settings.CSRF_COOKIE_NAME in response.cookies: |
30 |
response.cookies[settings.CSRF_COOKIE_NAME]['samesite'] = 'None' |
|
30 |
response.cookies[settings.CSRF_COOKIE_NAME]['samesite'] = ( |
|
31 |
getattr(settings, 'CSRF_COOKIE_SAMESITE', 'None').title() |
|
32 |
) |
|
31 | 33 |
if settings.SESSION_COOKIE_NAME in response.cookies: |
32 | 34 |
response.cookies[settings.SESSION_COOKIE_NAME]['samesite'] = 'None' |
33 | 35 |
return response |
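Review bot: The value read from `CSRF_COOKIE_SAMESITE` goes into the cookie unvalidated, in the new `getattr(settings, 'CSRF_COOKIE_SAMESITE', 'None').title()` expression. A non-string value such as `None` or `False` makes `.title()` raise AttributeError on every response that carries the CSRF cookie, and a misspelt value is emitted as a SameSite token that browsers will not honour as intended. I would check it before assigning, e.g. `if not isinstance(value, str) or value.title() not in ('Strict', 'Lax', 'None'):` followed by raising a configuration error. Django 2.1 and later define this setting with a default of `'Lax'`, so the `'None'` fallback presumably only takes effect on the older Django this shim targets; a comment saying so would prevent a surprise on upgrade. The session cookie below stays hard-coded to `'None'`, and the enclosing function starts outside the hunk.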
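--- a/hobo/test_urls.py
+++ b/hobo/test_urls.py
@@ -8,6 +8,8 @@
 logging.getLogger(__name__).error('wat!')
 if 'raise' in request.GET:
 raise Exception('wat!')
+request.META['CSRF_COOKIE_USED'] = True
+request.META['CSRF_COOKIE'] = 'xxx'
 return HttpResponse('Hello world %s' % request.META['REMOTE_ADDR'])
 
 urlpatterns = [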
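Review bot: The two added `request.META` assignments have no comment, and nothing in the view explains why a test helper touches CSRF state. A line such as `# force the CSRF middleware to emit its cookie so the SameSite middleware has one to rewrite` above them would make the intent clear (presumably that is the purpose; confirm against the Django version in use). The placeholder `'xxx'` is not a well-formed CSRF token, which is harmless for a cookie-attribute test but worth re-checking when Django is upgraded. The view function starts outside the hunk.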
tests_multitenant/test_middleware.py | ||
---|---|---|
30 | 30 |
response = app.get('/?raise', status=500, extra_environ={'HTTP_HOST': tenants[0].domain_url}) |
31 | 31 |
assert 'You\'re seeing this error because you have' in response.text |
32 | 32 | |
33 | ||
34 |
def test_samesite_middleware(app, tenants, settings): |
|
35 |
settings.ALLOWED_HOSTS = [tenants[0].domain_url] |
|
36 |
response = app.get('/', extra_environ={'HTTP_HOST': tenants[0].domain_url}) |
|
37 |
assert 'SameSite=None' in str(response) |
|
38 |
app.cookiejar.clear() |
|
39 |
settings.CSRF_COOKIE_SAMESITE = 'lax' |
|
40 |
response = app.get('/', extra_environ={'HTTP_HOST': tenants[0].domain_url}) |
|
41 |
assert 'SameSite=Lax' in str(response) |
|
33 |
- |
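Review bot: Both assertions in `test_samesite_middleware` search the whole `str(response)`, so `'SameSite=None'` would also match a session cookie or any other cookie in the response. The test therefore does not prove that the CSRF cookie is the one carrying the attribute; asserting on the `Set-Cookie` header whose name is `settings.CSRF_COOKIE_NAME` would pin that down. Only the default and `'lax'` are exercised, so a case for `'strict'` and one for a value outside the three valid tokens would document what the middleware does with bad configuration.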