Use the same 'Secure' and 'SameSite' cookie settings for application cookies as for session cookies, rather than hardcoded values (DRY).

- Legacy-Id: 18360
This commit is contained in:
Henrik Levkowetz 2020-08-13 10:53:05 +00:00
parent 4712e8370c
commit aa7950e31b


@ -37,9 +37,20 @@ def preferences(request, **kwargs):
response = render(request, "cookies/settings.html", preferences )
for key in new_cookies:
response.set_cookie(key, new_cookies[key],
max_age=settings.PREFERENCES_COOKIE_AGE, secure=True, samesite='None')
max_age=settings.PREFERENCES_COOKIE_AGE,
secure=settings.SESSION_COOKIE_SECURE or None,
httponly=settings.SESSION_COOKIE_HTTPONLY or None,
samesite=settings.SESSION_COOKIE_SAMESITE,
)
for key in del_cookies:
response.delete_cookie(key)
response.delete_cookie(key,
secure=settings.SESSION_COOKIE_SECURE or None,
httponly=settings.SESSION_COOKIE_HTTPONLY or None,
samesite=settings.SESSION_COOKIE_SAMESITE,
)
--- django/http/response.py.or
secure=True, sames)
return response
def new_enough(request, days=None):
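Review bot: The new `response.delete_cookie(key, secure=..., httponly=..., samesite=...)` call passes `secure` and `httponly`, which stock Django's `HttpResponse.delete_cookie` does not accept (its keywords are `path`, `domain` and, in newer releases, `samesite`), so on an unpatched Django it raises `TypeError` whenever a preference cookie is deleted. The stray `--- django/http/response.py.or` and `secure=True, sames)` lines shown before `return response` suggest the project carries a local patch to Django's response module; if so, a comment such as `# requires the local django/http/response.py patch that adds secure/httponly to delete_cookie` would make that dependency explicit, and if those two lines really are on the new side of this file they are patch residue that will not parse and should be dropped. Separately, tying `secure` to `SESSION_COOKIE_SECURE` means a configuration with `SESSION_COOKIE_SAMESITE = 'None'` and `SESSION_COOKIE_SECURE = False` now emits `SameSite=None` without `Secure`, which current browsers reject; the old hardcoded `secure=True` avoided that. The body of `preferences` starts above the hunk, so how `new_cookies` and `del_cookies` are built is not visible here.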