I spotted a Firefox warning issued for our DjNRO site:
Cookie “csrftoken” will be soon rejected because it has the “SameSite” attribute
set to “None” or an invalid value, without the “secure” attribute.
To know more about the “SameSite“ attribute, read
https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
And I saw that while djnro/settings.py sets SESSION_COOKIE_SECURE to True, it wasn't setting CSRF_COOKIE_SECURE - so adding that in a trivial fix.
Hi @zmousm,
I spotted a Firefox warning issued for our DjNRO site:
And I saw that while djnro/settings.py sets SESSION_COOKIE_SECURE to True, it wasn't setting CSRF_COOKIE_SECURE - so adding that in a trivial fix. Should be easy to merge.
Cheers, Vlad
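A check for the condition named in the Firefox warning, run over Set-Cookie header values, as an added example that is not part of the pull request or of the DjNRO code. The sample headers and the finding labels are constructed for illustration.

```python
# Added example: flag Set-Cookie headers that lack Secure, and those that
# match the Firefox warning (SameSite=None or invalid, without Secure).
VALID_SAMESITE = {"strict", "lax", "none"}


def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, attrs keyed by lower-cased name)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookie(header):
    """Return (cookie name, list of finding labels) for one Set-Cookie value."""
    name, attrs = parse_set_cookie(header)
    findings = []
    secure = "secure" in attrs
    if not secure:
        findings.append("missing-secure")
    if "samesite" in attrs and not secure:
        samesite = attrs["samesite"].lower()
        if samesite == "none" or samesite not in VALID_SAMESITE:
            findings.append("samesite-none-or-invalid-without-secure")
    return name, findings


# Constructed sample headers (not captured from a real site).
SAMPLE_HEADERS = [
    "sessionid=abc123; HttpOnly; Path=/; SameSite=Lax; Secure",
    "csrftoken=def456; Path=/; SameSite=None",
    "csrftoken=def456; Path=/; SameSite=None; Secure",
    "csrftoken=def456; Path=/; SameSite=bogus",
    "csrftoken=def456; Path=/; SameSite=Lax",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        name, findings = audit_cookie(header)
        print(f"{name:10} {', '.join(findings) or 'ok'}  <- {header}")
```

With CSRF_COOKIE_SECURE set to True, Django adds the Secure attribute to the csrftoken cookie, so the two findings above no longer apply to it.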