#30862: Explicitly set SameSite: None cookies
-------------------------------------+-------------------------------------
            Reporter: Osaetin Daniel  | Owner: nobody
                Type: Bug             | Status: new
           Component: contrib.sessions | Version: 2.2
            Severity: Normal          | Keywords: cookies,request,response
        Triage Stage: Unreviewed      | Has patch: 0
 Needs documentation: 0               | Needs tests: 0
Patch needs improvement: 0            | Easy pickings: 0
               UI/UX: 0               |
-------------------------------------+-------------------------------------
When setting cookies (with `set_cookie` and `set_signed_cookie`), the
default value for the `samesite` argument is `None`, but the problem here is
that Django doesn't do anything with the `None` value.

This behaviour used to be fine because most browsers assumed that a
missing `samesite` attribute on a cookie meant None. But now, Chrome has
issued a warning that `samesite` has to be explicitly set to None, or else the
cookies won't be sent for cross-origin requests.
https://www.chromestatus.com/feature/5633521622188032
--
Ticket URL: <https://code.djangoproject.com/ticket/30862>
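
To make the reported behaviour concrete, here is an added example (not part of the ticket and not Django's code) that builds `Set-Cookie` values with the standard library and audits them for a missing `SameSite` attribute. `build_set_cookie`, `samesite_of`, `audit` and the sample cookie values are hypothetical names and constructed data.

```python
from http.cookies import SimpleCookie


def build_set_cookie(name, value, samesite=None, secure=False):
    """Hypothetical helper reproducing the behaviour the ticket describes:
    a Python None for samesite means no SameSite attribute is emitted."""
    cookie = SimpleCookie()
    cookie[name] = value
    if samesite:  # Python None is falsy, so the attribute is silently omitted
        cookie[name]["samesite"] = samesite
    if secure:
        cookie[name]["secure"] = True
    return cookie[name].OutputString()


def samesite_of(set_cookie_value):
    """Return the SameSite value of one Set-Cookie header value, or 'missing'."""
    for attr in set_cookie_value.split(";")[1:]:
        key, _, val = attr.strip().partition("=")
        if key.lower() == "samesite":
            return val.strip() or "missing"
    return "missing"


def audit(headers):
    """Map cookie name -> SameSite state for a list of Set-Cookie values."""
    return {h.split("=", 1)[0].strip(): samesite_of(h) for h in headers}


# Constructed sample headers (values are made up for illustration).
SAMPLE = [
    # Default samesite=None: the browser sees no SameSite attribute at all.
    build_set_cookie("sessionid", "abc123"),
    # Explicit string "None"; Chrome also requires Secure on such cookies.
    build_set_cookie("widget", "xyz", samesite="None", secure=True),
    build_set_cookie("csrftoken", "tok", samesite="Lax"),
]

if __name__ == "__main__":
    for cookie_name, state in audit(SAMPLE).items():
        print(f"{cookie_name}: SameSite {state}")
```

Cookies reported as `missing` are the ones whose cross-site behaviour depends on the browser's default rather than on what the application asked for.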