chore: Update django-cookie-delete-with-all-settings.patch

2023-05-12 11:35:11 -03:00 · 2023-05-12 11:35:11 -03:00 · addc967134
parent ccb7d666ce
commit addc967134
1 changed files with 15 additions and 7 deletions
--- a/patch/django-cookie-delete-with-all-settings.patch
+++ b/patch/django-cookie-delete-with-all-settings.patch
@ -1,6 +1,6 @@
 --- django/contrib/messages/storage/cookie.py.orig	2020-08-13 11:10:36.719177122 +0200
 +++ django/contrib/messages/storage/cookie.py	2020-08-13 11:45:23.503463150 +0200
-@@ -92,6 +92,8 @@
+@@ -95,6 +95,8 @@
             response.delete_cookie(
                 self.cookie_name,
                 domain=settings.SESSION_COOKIE_DOMAIN,
@ -11,22 +11,30 @@
 
 --- django/http/response.py.orig	2020-08-13 11:16:04.060627793 +0200
 +++ django/http/response.py	2020-08-13 11:54:03.482476973 +0200
-@@ -209,12 +209,18 @@
+@@ -210,12 +210,18 @@
         value = signing.get_cookie_signer(salt=key + salt).sign(value)
         return self.set_cookie(key, value, **kwargs)
 
 -    def delete_cookie(self, key, path='/', domain=None, samesite=None):
 +    def delete_cookie(self, key, path='/', domain=None, secure=False, httponly=False, samesite=None):
-         # Most browsers ignore the Set-Cookie header if the cookie name starts
-         # with __Host- or __Secure- and the cookie doesn't use the secure flag.
-        secure = key.startswith(('__Secure-', '__Host-'))
+         # Browsers can ignore the Set-Cookie header if the cookie doesn't use
+         # the secure flag and:
+         # - the cookie name starts with "__Host-" or "__Secure-", or
+         # - the samesite is "none".
+-        secure = (
+-            key.startswith(('__Secure-', '__Host-')) or
+-            (samesite and samesite.lower() == 'none')
+-        )
 +        if key in self.cookies:
 +            domain     = self.cookies[key].get('domain', domain)
 +            secure     = self.cookies[key].get('secure', secure)
 +            httponly   = self.cookies[key].get('httponly', httponly)
 +            samesite   = self.cookies[key].get('samesite', samesite)
 +        else:
-+            secure = secure or key.startswith(('__Secure-', '__Host-'))
+            secure = secure or (
+                key.startswith(('__Secure-', '__Host-')) or
+                (samesite and samesite.lower() == 'none')
+            )
         self.set_cookie(
 -            key, max_age=0, path=path, domain=domain, secure=secure,
 +            key, max_age=0, path=path, domain=domain, secure=secure, httponly=httponly,
@ -35,7 +43,7 @@
 
 --- django/contrib/sessions/middleware.py.orig	2020-08-13 12:12:12.401898114 +0200
 +++ django/contrib/sessions/middleware.py	2020-08-13 12:14:52.690520659 +0200
-@@ -38,6 +38,8 @@
+@@ -42,6 +42,8 @@
                 settings.SESSION_COOKIE_NAME,
                 path=settings.SESSION_COOKIE_PATH,
                 domain=settings.SESSION_COOKIE_DOMAIN,