Opened 5 years ago
Closed 5 years ago
#32101 closed New feature (wontfix)
Handle SameSite=None Known Incompatible Clients
| Reported by: | Dulmandakh | Owned by: | nobody |
|---|---|---|---|
| Component: | Core (Other) | Version: | 3.1 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
I recently bumped into issues with SameSite=None cookies, and found that some browsers are incompatible (https://www.chromium.org/updates/same-site/incompatible-clients).
I think that Django should handle this, because handling this is non-trivial. For me, I wrote custom SessionMiddleware to work around the issue.
I would like to work on a fix, if core devs are interested and maybe release in a next bug fix release.
Change History (1)
comment:1 by , 5 years ago
| Component: | contrib.sessions → Core (Other) |
|---|---|
| Resolution: | → wontfix |
| Status: | new → closed |
| Type: | Bug → New feature |
Note:
See TracTickets
for help on using tickets.
I don't think that Django should include hooks based on user agents for detecting bugs in old browsers. It sounds like a third-party package is the best way to proceed.
You can start a discussion on DevelopersMailingList if you don't agree.