mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in HttpResponse.delete_cookie().

Browse Source 
Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.

This affects sessions and messages cookies.
This commit is contained in:
Mariusz Felisiak
2020-07-16 08:16:58 +02:00
committed by GitHub
parent 156a2138db
commit 240cbb63bf
10 changed files with 66 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/ref/request-response.txt
View File

@@ -890,7 +890,7 @@ Methods
Using ``samesite='None'`` (string) was allowed.
.. method:: HttpResponse.delete_cookie(key, path='/', domain=None)
.. method:: HttpResponse.delete_cookie(key, path='/', domain=None, samesite=None)
Deletes the cookie with the given key. Fails silently if the key doesn't
exist.
@@ -899,6 +899,10 @@ Methods
values you used in ``set_cookie()`` -- otherwise the cookie may not be
deleted.
.. versionchanged:: 2.2.15
The ``samesite`` argument was added.
.. method:: HttpResponse.close()
This method is called at the end of the request directly by the WSGI