Changes between Version 3 and Version 4 of Ticket #31218
- Timestamp:
- Jan 30, 2020, 1:58:03 AM (4 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #31218 – Description
v3 v4 1 Google is now requesting, starting from Chrome 80 (from February 4th ), to add "SameSite=None; Secure" to cookies (https://www.chromium.org/updates/same-site), otherwise it will not be considered as not CSRF-proof anymore by Chrome.1 Google is now requesting, starting from Chrome 80 (from February 4th, 2020), to add "SameSite=None; Secure" to cookies (https://www.chromium.org/updates/same-site), otherwise it will not be considered as not CSRF-proof anymore by Chrome. 2 2 3 3 In all Django release branches, response.set_cookie() method is not accepting "samesite" key set to "None" , but it seems it has been done in master branch (https://github.com/django/django/commit/b33bfc383935cd26e19a2cf71d066ac6edd1425f).