Changes between Initial Version and Version 1 of Ticket #31635
Timestamp: May 27, 2020, 3:27:30 AM
Ticket #31635 – Description
initial 5 / v1 5 (unmodified): The best would be to keep SameSite option on CSRF and Session cookies for the admin and the rest of the site, except for a particular set of views.

initial 6 / v1 6 (unmodified): (blank line)

initial 7 (removed): This is currently possible by adding a new middleware that will delete the samesite key on the response cookies, I suppose it's fine if that API is going to be supported on the long term, otherwise we should find a public API allowing Django projects to benefit from SameSite in views such as the Admin while having it disabled , like with @xframe_options_exempt

v1 7 (added): This is currently possible by adding a new middleware that will delete the samesite key on the response cookies, I suppose it's fine if that API is going to be supported on the long term, otherwise we should find a public API allowing Django projects to benefit from SameSite in views such as the Admin while having it disabled on other views, like with @xframe_options_exempt
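The per-view exemption the description asks for, as an added stand-alone model (not code from the ticket or from Django): `samesite_exempt`, `SameSiteExemptMiddleware`, the `Response` stand-in and both sample views are hypothetical names, and the cookie value is constructed. It follows the `xframe_options_exempt` pattern of flagging the response so that the middleware clears `samesite` only for flagged views.

```python
from functools import wraps
from http.cookies import SimpleCookie


class Response:
    """Stand-in response; Django's HttpResponse.cookies is also a SimpleCookie."""
    def __init__(self):
        self.cookies = SimpleCookie()

    def set_cookie(self, key, value, samesite="Lax"):
        self.cookies[key] = value
        self.cookies[key]["samesite"] = samesite
        self.cookies[key]["httponly"] = True


def samesite_exempt(view):
    """Hypothetical decorator: flag the response, like xframe_options_exempt."""
    @wraps(view)
    def wrapped(request):
        response = view(request)
        response.samesite_exempt = True
        return response
    return wrapped


class SameSiteExemptMiddleware:
    """Hypothetical middleware: drop SameSite only on flagged responses."""
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        response = self.get_response(request)
        if getattr(response, "samesite_exempt", False):
            for morsel in response.cookies.values():
                morsel["samesite"] = ""  # empty attributes are not emitted
        return response


def admin_view(request):  # constructed sample view, keeps the default
    response = Response()
    response.set_cookie("sessionid", "constructed-value")
    return response


embedded_view = samesite_exempt(admin_view)  # same view, exempted


def set_cookie_header(view):  # Set-Cookie value after the middleware has run
    return SameSiteExemptMiddleware(view)(None).cookies["sessionid"].OutputString()
```

Omitting the attribute is not equivalent to `SameSite=None`: browsers that treat a missing attribute as `Lax` still withhold the cookie on cross-site subrequests.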