Opened 5 years ago

Last modified 5 years ago

#31218 closed Bug

response.set_cookie() method not accepting "samesite" key set to "None" in release versions — at Version 1

Reported by: Adrien Carpentier Owned by: nobody
Component: HTTP handling Version: 2.2
Severity: Normal Keywords: set_cookie, SameSite, CSRF, cookie
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Adrien Carpentier)

Google is now requesting, starting from Chrome 80 (from February 4th), to add "SameSite=None; Secure" to cookies (https://www.chromium.org/updates/same-site), otherwise it will not be considered as not CSRF-proof anymore by Chrome.

In all Django release branches, response.set_cookie() method is not accepting "samesite" key set to "None" , but it seems it has been done in master branch (https://www.chromium.org/updates/same-site).

Do you know when it will be merged to release branche(s)?

Change History (1)

comment:1 by Adrien Carpentier, 5 years ago

Description: modified (diff)
Summary: response.set_cookie method not accepting "samesite" key set to "None" in release versionsresponse.set_cookie() method not accepting "samesite" key set to "None" in release versions
Note: See TracTickets for help on using tickets.
Back to Top