From 57026bbb5f69b7e4cd81daa93d17061e031b533d Mon Sep 17 00:00:00 2001 From: Jennifer Richards Date: Wed, 10 May 2023 15:55:25 -0300 Subject: [PATCH] Revert "chore: Remove django-cookie-delete-with-all-settings.patch" This reverts commit 2cf2a3dee69bbc15dcfac30c8bbaaf7929418389. --- ietf/settings.py | 4 +- ...ango-cookie-delete-with-all-settings.patch | 46 +++++++++++++++++++ 2 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 patch/django-cookie-delete-with-all-settings.patch diff --git a/ietf/settings.py b/ietf/settings.py index cbbc6d418..00e7f292f 100644 --- a/ietf/settings.py +++ b/ietf/settings.py @@ -76,7 +76,7 @@ MANAGERS = ADMINS DATABASES = { 'default': { 'NAME': 'datatracker', - 'ENGINE': 'django.db.backends.postgresql', + 'ENGINE': 'django.db.backends.postgresql_psycopg2', 'USER': 'ietf', #'PASSWORD': 'somepassword', }, @@ -430,6 +430,7 @@ INSTALLED_APPS = [ 'corsheaders', 'django_markup', 'django_password_strength', + 'form_utils', 'oidc_provider', 'simple_history', 'tastypie', @@ -1122,6 +1123,7 @@ CHECKS_LIBRARY_PATCHES_TO_APPLY = [ 'patch/fix-jwkest-jwt-logging.patch', 'patch/fix-django-password-strength-kwargs.patch', 'patch/add-django-http-cookie-value-none.patch', + 'patch/django-cookie-delete-with-all-settings.patch', 'patch/tastypie-django22-fielderror-response.patch', ] if DEBUG: diff --git a/patch/django-cookie-delete-with-all-settings.patch b/patch/django-cookie-delete-with-all-settings.patch new file mode 100644 index 000000000..830f031d7 --- /dev/null +++ b/patch/django-cookie-delete-with-all-settings.patch @@ -0,0 +1,46 @@ +--- django/contrib/messages/storage/cookie.py.orig 2020-08-13 11:10:36.719177122 +0200 ++++ django/contrib/messages/storage/cookie.py 2020-08-13 11:45:23.503463150 +0200 +@@ -92,6 +92,8 @@ + response.delete_cookie( + self.cookie_name, + domain=settings.SESSION_COOKIE_DOMAIN, ++ secure=settings.SESSION_COOKIE_SECURE or None, ++ httponly=settings.SESSION_COOKIE_HTTPONLY or None, + samesite=settings.SESSION_COOKIE_SAMESITE, + ) + +--- django/http/response.py.orig 2020-08-13 11:16:04.060627793 +0200 ++++ django/http/response.py 2020-08-13 11:54:03.482476973 +0200 +@@ -210,12 +210,18 @@ + value = signing.get_cookie_signer(salt=key + salt).sign(value) + return self.set_cookie(key, value, **kwargs) + +- def delete_cookie(self, key, path='/', domain=None, samesite=None): ++ def delete_cookie(self, key, path='/', domain=None, secure=False, httponly=False, samesite=None): + # Most browsers ignore the Set-Cookie header if the cookie name starts + # with __Host- or __Secure- and the cookie doesn't use the secure flag. +- secure = key.startswith(('__Secure-', '__Host-')) ++ if key in self.cookies: ++ domain = self.cookies[key].get('domain', domain) ++ secure = self.cookies[key].get('secure', secure) ++ httponly = self.cookies[key].get('httponly', httponly) ++ samesite = self.cookies[key].get('samesite', samesite) ++ else: ++ secure = secure or key.startswith(('__Secure-', '__Host-')) + self.set_cookie( +- key, max_age=0, path=path, domain=domain, secure=secure, ++ key, max_age=0, path=path, domain=domain, secure=secure, httponly=httponly, + expires='Thu, 01 Jan 1970 00:00:00 GMT', samesite=samesite, + ) + +--- django/contrib/sessions/middleware.py.orig 2020-08-13 12:12:12.401898114 +0200 ++++ django/contrib/sessions/middleware.py 2020-08-13 12:14:52.690520659 +0200 +@@ -39,6 +39,8 @@ + settings.SESSION_COOKIE_NAME, + path=settings.SESSION_COOKIE_PATH, + domain=settings.SESSION_COOKIE_DOMAIN, ++ secure=settings.SESSION_COOKIE_SECURE or None, ++ httponly=settings.SESSION_COOKIE_HTTPONLY or None, + samesite=settings.SESSION_COOKIE_SAMESITE, + ) + else: