jotes / django-cookies-samesite

This repository contains a middleware which automatically sets SameSite attribute for session and csrf cookies in legacy versions of Django.
BSD 3-Clause "New" or "Revised" License

Can't set cookie for csrftoken #16

Closed sillycube closed 4 years ago

sillycube commented 4 years ago

Description

I tried to install and add the config below in settings, but the csrftoken cookie can't be set with SameSite=None;Secure. SameSite and Secure are empty.

What I Did

In settings.py:

```python
SESSION_COOKIE_SAMESITE = 'None'
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_SAMESITE_FORCE_ALL = True
```

'django_cookies_samesite.middleware.CookiesSameSite' is set to be the first item of MIDDLEWARE

jotes commented 4 years ago

@sillycube Thank you for your report, I'll look into that today.

jotes commented 4 years ago

@sillycube Sorry for making you wait. I've tried to reproduce this problem via unit tests, but I couldn't reproduce it. I'll try to check this problem on the live app today. I have a question in the meantime: does this problem affect only the CSRFToken cookie or all of them?

sillycube commented 4 years ago

I checked that sessionid is not affected; SameSite and Secure can be set. I ended up using CSRF_USE_SESSIONS to move the CSRF token from the cookie to the session, and the problem is solved.

jotes commented 4 years ago

Okay, I'm closing this issue then (feel free to re-open if the problem resurfaces again).
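The symptom reported in this issue (sessionid carrying `SameSite=None; Secure` while csrftoken carries neither) can be checked per cookie from the response's `Set-Cookie` headers. The following is an added example, not part of the thread or the project's code; the function names are hypothetical and the header values are constructed sample data.

```python
# Added example: audit Set-Cookie headers for SameSite / Secure.
# SAMPLE_HEADERS is constructed data, not output captured from the issue.

def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        # Flag attributes (Secure, HttpOnly) carry no value; store True.
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), attrs


def audit_cookies(set_cookie_headers, expected_samesite="None"):
    """Return {cookie_name: [problems]} for cookies missing expected attributes."""
    findings = {}
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        problems = []
        samesite = attrs.get("samesite")
        if not isinstance(samesite, str) or not samesite:
            problems.append("SameSite missing")
        elif samesite.lower() != expected_samesite.lower():
            problems.append(f"SameSite={samesite}, expected {expected_samesite}")
        # Modern browsers reject SameSite=None cookies that are not also Secure.
        if expected_samesite.lower() == "none" and "secure" not in attrs:
            problems.append("Secure missing")
        if problems:
            findings[name] = problems
    return findings


SAMPLE_HEADERS = [
    "sessionid=abc123; HttpOnly; Path=/; SameSite=None; Secure",
    "csrftoken=def456; Path=/; Max-Age=31449600",
]

if __name__ == "__main__":
    for cookie, problems in audit_cookies(SAMPLE_HEADERS).items():
        print(cookie, "->", ", ".join(problems))
```

The header values to audit can be copied from `curl -i` output or the browser's network tab for the page that sets the cookies.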