0005-set-CSRF_COOKIE_SAMESITE-to-None-49283.patch
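--- a/debian/debian_config_common.py
+++ b/debian/debian_config_common.py
@@ -266,6 +266,8 @@
 SESSION_COOKIE_SECURE = True
 SESSION_EXPIRE_AT_BROWSER_CLOSE = True
 SESSION_COOKIE_AGE = 36000 # 10h
+
+CSRF_COOKIE_SAMESITE = None
 # Apply sessionNotOnOrAfter on session expiration date
 SESSION_ENGINE = 'mellon.sessions_backends.cached_db'
 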
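Review bot: `CSRF_COOKIE_SAMESITE = None` at new line 270 has no comment, and the Python `None` is easy to misread as the string `'None'`. The same commit's `hobo/middleware/cookies_samesite.py` turns a falsy value into an explicit `SameSite=None` attribute on the CSRF cookie. I would add `# Python None, not 'None': hobo's cookies_samesite middleware emits SameSite=None for a falsy value` above the setting. Browsers accept `SameSite=None` only on cookies that are also `Secure`; the hunk shows `SESSION_COOKIE_SECURE = True` but no `CSRF_COOKIE_SECURE`, so confirm that one is set elsewhere in this file.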
hobo/middleware/cookies_samesite.py | ||
---|---|---|
27 | 27 |
# this can be removed once django 2.2 is used and settings. |
28 | 28 |
# CSRF_COOKIE_SAMESITE & SESSION_COOKIE_SAMESITE can be used. |
29 | 29 |
if settings.CSRF_COOKIE_NAME in response.cookies: |
30 |
response.cookies[settings.CSRF_COOKIE_NAME]['samesite'] = ( |
|
31 |
getattr(settings, 'CSRF_COOKIE_SAMESITE', 'None').title() |
|
32 |
) |
|
30 |
same_site = settings.CSRF_COOKIE_SAMESITE or 'None' |
|
31 |
response.cookies[settings.CSRF_COOKIE_NAME]['samesite'] = same_site.title() |
|
33 | 32 |
if settings.SESSION_COOKIE_NAME in response.cookies: |
34 | 33 |
response.cookies[settings.SESSION_COOKIE_NAME]['samesite'] = 'None' |
35 | 34 |
return response |
36 |
- |
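Review bot: New line 30 drops the `getattr` fallback that the removed lines had. `settings.CSRF_COOKIE_SAMESITE` now raises `AttributeError` whenever neither Django's defaults nor the active settings module define it, and the comment at lines 27-28 suggests this middleware still exists for exactly such older Django versions. `same_site = getattr(settings, 'CSRF_COOKIE_SAMESITE', None) or 'None'` keeps the fallback and still handles a Python `None` value. The enclosing method starts above the hunk, so the supported Django range cannot be confirmed from here.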