From aa7950e31b643cfa6f7479b26c5805294d700d71 Mon Sep 17 00:00:00 2001
From: Henrik Levkowetz <henrik@levkowetz.com>
Date: Thu, 13 Aug 2020 10:53:05 +0000
Subject: [PATCH] Use the same 'Secure' and 'SameSite' cookie settings for
 application cookies as for session cookies, rather than hardcoded values
 (DRY).  - Legacy-Id: 18360

---
 ietf/cookies/views.py | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/ietf/cookies/views.py b/ietf/cookies/views.py
index 2755436df..472fd8cc1 100644
--- a/ietf/cookies/views.py
+++ b/ietf/cookies/views.py
@@ -37,9 +37,20 @@ def preferences(request, **kwargs):
     response = render(request, "cookies/settings.html", preferences )
     for key in new_cookies:
         response.set_cookie(key, new_cookies[key],
-            max_age=settings.PREFERENCES_COOKIE_AGE, secure=True, samesite='None')
+            max_age=settings.PREFERENCES_COOKIE_AGE,
+            secure=settings.SESSION_COOKIE_SECURE or None,
+            httponly=settings.SESSION_COOKIE_HTTPONLY or None,
+            samesite=settings.SESSION_COOKIE_SAMESITE,
+        )
     for key in del_cookies:
-        response.delete_cookie(key)
+        response.delete_cookie(key, 
+            secure=settings.SESSION_COOKIE_SECURE or None,
+            httponly=settings.SESSION_COOKIE_HTTPONLY or None,
+            samesite=settings.SESSION_COOKIE_SAMESITE,
+        )
+ 
+--- django/http/response.py.or
+secure=True, sames)
     return response
 
 def new_enough(request, days=None):
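Review bot: The three added lines just before `return response` (a whitespace-only line, `--- django/http/response.py.or` and `secure=True, sames)`) look like a fragment of another diff pasted into the function body; they are not valid Python, so `ietf/cookies/views.py` would fail to import, and they should be dropped from the patch. Separately, the new `delete_cookie` call passes `secure=` and `httponly=`, which stock Django's `HttpResponse.delete_cookie` does not accept (its keywords are `path`, `domain` and, in newer releases, `samesite`), so unless the project runs a patched Django this raises `TypeError` whenever a preference cookie is deleted; `response.delete_cookie(key, samesite=settings.SESSION_COOKIE_SAMESITE)` would be the portable form. `secure` is also no longer forced to `True`: if `SESSION_COOKIE_SECURE` is false the preference cookies lose the Secure flag, and browsers reject `SameSite=None` cookies without it, so a comment above `set_cookie` such as `# SESSION_COOKIE_SECURE must be True whenever SESSION_COOKIE_SAMESITE is 'None'` would make the coupling explicit. The body of `preferences` starts above the hunk.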