0001-middleware-define-setting-for-CSRF-cookie-SameSite-v.patch
| hobo/middleware/cookies_samesite.py | ||
|---|---|---|
| 27 | 27 |
# this can be removed once django 2.2 is used and settings. |
| 28 | 28 |
# CSRF_COOKIE_SAMESITE & SESSION_COOKIE_SAMESITE can be used. |
| 29 | 29 |
if settings.CSRF_COOKIE_NAME in response.cookies: |
| 30 |
response.cookies[settings.CSRF_COOKIE_NAME]['samesite'] = 'None' |
|
| 30 |
response.cookies[settings.CSRF_COOKIE_NAME]['samesite'] = ( |
|
| 31 |
getattr(settings, 'CSRF_COOKIE_SAMESITE', 'None').title() |
|
| 32 |
) |
|
| 31 | 33 |
if settings.SESSION_COOKIE_NAME in response.cookies: |
| 32 | 34 |
response.cookies[settings.SESSION_COOKIE_NAME]['samesite'] = 'None' |
| 33 | 35 |
return response |
| hobo/test_urls.py | ||
|---|---|---|
| 8 | 8 |
logging.getLogger(__name__).error('wat!')
|
| 9 | 9 |
if 'raise' in request.GET: |
| 10 | 10 |
raise Exception('wat!')
|
| 11 |
request.META['CSRF_COOKIE_USED'] = True |
|
| 12 |
request.META['CSRF_COOKIE'] = 'xxx' |
|
| 11 | 13 |
return HttpResponse('Hello world %s' % request.META['REMOTE_ADDR'])
|
| 12 | 14 | |
| 13 | 15 |
urlpatterns = [ |
| tests_multitenant/test_middleware.py | ||
|---|---|---|
| 30 | 30 |
response = app.get('/?raise', status=500, extra_environ={'HTTP_HOST': tenants[0].domain_url})
|
| 31 | 31 |
assert 'You\'re seeing this error because you have' in response.text |
| 32 | 32 | |
| 33 | ||
| 34 |
def test_samesite_middleware(app, tenants, settings): |
|
| 35 |
settings.ALLOWED_HOSTS = [tenants[0].domain_url] |
|
| 36 |
response = app.get('/', extra_environ={'HTTP_HOST': tenants[0].domain_url})
|
|
| 37 |
assert 'SameSite=None' in str(response) |
|
| 38 |
app.cookiejar.clear() |
|
| 39 |
settings.CSRF_COOKIE_SAMESITE = 'lax' |
|
| 40 |
response = app.get('/', extra_environ={'HTTP_HOST': tenants[0].domain_url})
|
|
| 41 |
assert 'SameSite=Lax' in str(response) |
|
| 33 |
- |
|