grnet / djnro

DjNRO hits the decks of eduroam database management
http://djnro.grnet.gr/

fix: mark CSRF cookies as secure #86

Closed vladimir-mencl-eresearch closed 3 years ago

vladimir-mencl-eresearch commented 3 years ago

Hi @zmousm ,

I spotted a Firefox warning issued for our DjNRO site:

Cookie “csrftoken” will be soon rejected because it has the “SameSite” attribute
set to “None” or an invalid value, without the “secure” attribute.
To know more about the “SameSite“ attribute, read
https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

And I saw that while djnro/settings.py sets SESSION_COOKIE_SECURE to True, it wasn't setting CSRF_COOKIE_SECURE - so I'm adding that in a trivial fix.

Should be easy to merge.

Cheers, Vlad
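As an added illustration of the condition behind that Firefox warning (this is example code written for this page, not DjNRO's code or Vlad's patch): the checker below parses Set-Cookie header values and flags any cookie whose SameSite attribute is None (or not a recognised value) while the Secure attribute is missing, which is exactly what the browser message complains about. A second helper audits a Django-style settings dict for the two cookie-secure flags the PR mentions. The header samples are constructed; the cookie names csrftoken and sessionid are Django's defaults, and CSRF_COOKIE_SECURE defaults to False in Django, which is why it has to be set explicitly.

```python
"""Audit Set-Cookie headers and Django settings for the
"SameSite=None without Secure" condition that browsers reject."""

from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# SameSite values browsers recognise; anything else counts as invalid.
VALID_SAMESITE = {"lax", "strict", "none"}

# Django settings that control the Secure attribute on its two main cookies.
COOKIE_SECURE_FLAGS = ("SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE")


@dataclass
class CookieAudit:
    name: str
    secure: bool
    samesite: Optional[str]  # lowercased attribute value, None if absent
    problem: Optional[str]   # None when the cookie passes


def parse_set_cookie(header_value: str) -> Tuple[str, Dict[str, Optional[str]]]:
    """Split one Set-Cookie value into (cookie name, {attribute: value}).

    Attribute names are lowercased; flag attributes such as Secure or
    HttpOnly map to None because they carry no value.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, Optional[str]] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, has_value, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip() if has_value else None
    return name, attrs


def audit_cookie(header_value: str) -> CookieAudit:
    """Report whether a cookie would trigger the SameSite/Secure rejection."""
    name, attrs = parse_set_cookie(header_value)
    secure = "secure" in attrs
    samesite: Optional[str] = None
    if "samesite" in attrs:
        samesite = (attrs["samesite"] or "").lower()

    problem: Optional[str] = None
    if not secure and samesite is not None:
        if samesite == "none":
            problem = "SameSite=None without Secure; browsers reject this cookie"
        elif samesite not in VALID_SAMESITE:
            problem = f"invalid SameSite value {samesite!r} without Secure"
    return CookieAudit(name, secure, samesite, problem)


def audit_headers(set_cookie_values: List[str]) -> List[CookieAudit]:
    """Audit every Set-Cookie value and return only the failing ones."""
    return [a for a in (audit_cookie(v) for v in set_cookie_values) if a.problem]


def missing_secure_settings(settings: Dict[str, object]) -> List[str]:
    """Django cookie-secure settings that are absent or not truthy.

    CSRF_COOKIE_SECURE defaults to False, so a settings module that only
    sets SESSION_COOKIE_SECURE still emits an insecure csrftoken cookie.
    """
    return [flag for flag in COOKIE_SECURE_FLAGS if not settings.get(flag, False)]


# Constructed sample headers, modelled on what Django emits (not captured
# from any real site).
SAMPLE_HEADERS = [
    "csrftoken=EXAMPLEtoken123; Path=/; SameSite=None",
    "sessionid=EXAMPLEsession456; Path=/; Secure; HttpOnly; SameSite=Lax",
    "csrftoken=EXAMPLEtoken789; Path=/; Secure; SameSite=None",
    "tracking=1; Path=/; SameSite=Whatever",
]

# Constructed settings mirroring the pre-fix state described in the PR.
BEFORE_FIX = {"SESSION_COOKIE_SECURE": True}
AFTER_FIX = {"SESSION_COOKIE_SECURE": True, "CSRF_COOKIE_SECURE": True}

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_HEADERS):
        print(f"{finding.name}: {finding.problem}")
    print("missing before fix:", missing_secure_settings(BEFORE_FIX))
    print("missing after fix:", missing_secure_settings(AFTER_FIX))
```

Running it reports the first and fourth sample cookies and shows CSRF_COOKIE_SECURE as the only flag missing before the fix; a cookie with no SameSite attribute at all is left alone, since the browser warning is specifically about None or an invalid value.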

zmousm commented 3 years ago

Thanks