Changes between Version 2 and Version 3 of Ticket #30250


Ignore:
Timestamp:
Mar 13, 2019, 10:11:06 AM (6 years ago)
Author:
Flávio Juvenal
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #30250 – Description

    v2 v3  
    77- SAML flow: https://github.com/IronCountySchoolDistrict/django-python3-saml/issues/1
    88
    9 Since Safari 12 is the current stable version and it's widely deployed on iOS devices, I believe the Django default for `CSRF_COOKIE_SAMESITE` and `SESSION_COOKIE_SAMESITE` should be `None`, not `Lax`. That's the most general solution and it's [https://github.com/aspnet/Announcements/issues/318 the one recommended by Microsoft to fix the similar issue on ASP.NET].
     9Since Safari 12 is the current stable version and it's widely deployed on iOS devices, I believe the Django default for `CSRF_COOKIE_SAMESITE` and `SESSION_COOKIE_SAMESITE` should be `None`, not `Lax`. That's the most general solution and it's [https://github.com/aspnet/Announcements/issues/318 the one recommended by Microsoft to fix the similar issue on ASP.NET] (they didn't change the default, though).
    1010
    1111Core developers, could you please let me know if you agree with that change, so I can make a PR updating the defaults and the documentation?
Back to Top