Changes between Initial Version and Version 1 of Ticket #31635


Ignore:
Timestamp:
May 27, 2020, 3:27:30 AM (5 years ago)
Author:
James Pic
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #31635 – Description

    initial v1  
    55The best would be to keep SameSite option on CSRF and Session cookies for the admin and the rest of the site, except for a particular set of views.
    66
    7 This is currently possible by adding a new middleware that will delete the samesite key on the response cookies, I suppose it's fine if that API is going to be supported on the long term, otherwise we should find a public API allowing Django projects to benefit from SameSite in views such as the Admin while having it disabled, like with @xframe_options_exempt
     7This is currently possible by adding a new middleware that will delete the samesite key on the response cookies, I suppose it's fine if that API is going to be supported on the long term, otherwise we should find a public API allowing Django projects to benefit from SameSite in views such as the Admin while having it disabled on other views, like with @xframe_options_exempt
Back to Top