SESSION_COOKIE_SAMESITE - does None still disable the flag?

95 views

Skip to first unread message

אורי‎

unread,

Aug 9, 2020, 8:51:33 AM8/9/20

to django...@googlegroups.com

Hi,

SESSION_COOKIE_SAMESITE - We use None to disable the flag in Django 3.0. Will None (not as a string) disable the flag also in Django 3.1, or do we have to convert it to False?

https://docs.djangoproject.com/en/3.0/ref/settings/#std:setting-SESSION_COOKIE_SAMESITE

https://docs.djangoproject.com/en/3.1/ref/settings/#std:setting-SESSION_COOKIE_SAMESITE

אורי

u...@speedy.net

אורי‎

unread,

Aug 9, 2020, 9:14:35 AM8/9/20

to django...@googlegroups.com

Hi,

https://github.com/django/django/blob/master/django/conf/global_settings.py#L472-L473

# Whether to set the flag restricting cookie leaks on cross-site requests.
# This can be 'Lax', 'Strict', or None to disable the flag.

This is not what is written in https://docs.djangoproject.com/en/3.1/ref/settings/#std:setting-SESSION_COOKIE_SAMESITE ( False: disables the flag. )

אורי

u...@speedy.net

Reply all

Reply to author

Forward

0 new messages