Opened 5 years ago
Last modified 5 years ago
#31218 closed Bug
response.set_cookie() method not accepting "samesite" key set to "None" in release versions — at Version 3
Reported by: | Adrien Carpentier | Owned by: | nobody |
---|---|---|---|
Component: | HTTP handling | Version: | 2.2 |
Severity: | Normal | Keywords: | set_cookie, SameSite, CSRF, cookie |
Cc: | | Triage Stage: | Unreviewed |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Google is now requesting, starting from Chrome 80 (from February 4th), to add "SameSite=None; Secure" to cookies (https://www.chromium.org/updates/same-site), otherwise it will not be considered as not CSRF-proof anymore by Chrome.
In all Django release branches, the response.set_cookie() method is not accepting the "samesite" key set to "None", but it seems it has been done in the master branch (https://github.com/django/django/commit/b33bfc383935cd26e19a2cf71d066ac6edd1425f).
Do you know when it will be merged to the latest release branch(es)?
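The following is an added example, not part of the ticket and not Django code: a standard-library Python check that classifies Set-Cookie values by how Chrome 80 handles SameSite (None is honoured only together with Secure; a missing or unrecognised value is treated as Lax). The function names and the sample cookie values are constructed for illustration, and cookies flagged as "lax-default" matter only if they are meant to be sent cross-site.

```python
from http.cookies import SimpleCookie  # "samesite" support needs Python 3.8+


def build_cross_site_cookie(name, value):
    """Return a Set-Cookie value carrying SameSite=None together with Secure."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["samesite"] = "None"
    jar[name]["secure"] = True
    return jar[name].OutputString()


def chrome80_verdict(set_cookie_value):
    """Classify one Set-Cookie value the way Chrome 80 handles its SameSite attribute."""
    attrs = {}
    for part in set_cookie_value.split(";")[1:]:  # element 0 is name=value
        key, _, val = part.strip().partition("=")
        attrs[key.strip().lower()] = val.strip().lower()
    samesite = attrs.get("samesite")
    if samesite == "none":
        # SameSite=None is only honoured when Secure is also present.
        return "cross-site-ok" if "secure" in attrs else "rejected"
    if samesite in ("lax", "strict"):
        return samesite
    return "lax-default"  # missing or unrecognised value is treated as Lax


def cookies_needing_attention(set_cookie_values):
    """Return names of cookies Chrome 80 rejects or silently downgrades to Lax."""
    flagged = []
    for raw in set_cookie_values:
        if chrome80_verdict(raw) in ("rejected", "lax-default"):
            flagged.append(raw.split("=", 1)[0].strip())
    return flagged


# Constructed sample response headers (not taken from the ticket).
SAMPLE_SET_COOKIES = [
    "sessionid=abc123; Path=/; HttpOnly",
    "widget=1; Path=/; SameSite=None",
    "csrftoken=xyz789; Path=/; SameSite=Lax; Secure",
    build_cross_site_cookie("embed", "42"),
]

if __name__ == "__main__":
    for raw in SAMPLE_SET_COOKIES:
        print(f"{chrome80_verdict(raw):14} {raw}")
    print("needs attention:", cookies_needing_attention(SAMPLE_SET_COOKIES))
```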
Change History (3)
comment:1, 5 years ago
Description: | modified |
---|---|
Summary: | response.set_cookie method not accepting "samesite" key set to "None" in release versions → response.set_cookie() method not accepting "samesite" key set to "None" in release versions |
comment:2, 5 years ago
Description: | modified |
---|---|
comment:3, 5 years ago
Description: | modified |
---|---|