#31871: SESSION_COOKIE_SAMESITE comment in global_settings is outdated.
--------------------------------------+------------------------------------
Reporter: אורי | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Core (Other) | Version: 3.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by felixxm):
* type: Uncategorized => Cleanup/optimization
* version: master => 3.1
* easy: 0 => 1
* stage: Unreviewed => Accepted
Comment:
Agreed, we should update comments in `django/conf/global_settings.py`:
{{{
# Whether to set the flag restricting cookie leaks on cross-site requests.
# This can be 'Lax', 'Strict', 'None', or False to disable the flag.
}}}
> As a side note, I understand that using None can also disable the flag -
not only False, and I think this should be documented (since None was the
way to disable the flag with Django <= 3.0 - so it should be documented
that None still works like before).
Yes you can use `None` but it's not a recommended, we've changed `None` to
`False` in docs to avoid confusions with `'none'` (see
[https://github.com/django/django/pull/11894#discussion_r356541094
comments]) and IMO we shouldn't bring it back in docs.
--
Ticket URL: <https://code.djangoproject.com/ticket/31871#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/069.0cb1fbf5105ccf9c6271682ef7dfcbdb%40djangoproject.com.
