diff options
| author | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-07-16 09:30:15 +0200 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-07-16 09:35:35 +0200 |
| commit | f1a6e6c817f3205ea7da6f973f51524ff630dda5 (patch) | |
| tree | 0c68c7a7ddcea7000cb2f83f636397f3ac7d7b0b /docs/ref | |
| parent | 6f09ee2be3c0ce07b096af7ac63b64ee7cfc23cf (diff) | |
[2.2.x] Fixed #31790 -- Fixed setting SameSite cookies flag in HttpResponse.delete_cookie().
Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.
This affects sessions and messages cookies.
Backport of 331324ecce1330dce3dbd1713203cb9a42854ad7 from stable/3.0.x
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/request-response.txt | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/docs/ref/request-response.txt b/docs/ref/request-response.txt index 08eaf62ca4..c0fb0133f3 100644 --- a/docs/ref/request-response.txt +++ b/docs/ref/request-response.txt @@ -841,7 +841,7 @@ Methods you will need to remember to pass it to the corresponding :meth:`HttpRequest.get_signed_cookie` call. -.. method:: HttpResponse.delete_cookie(key, path='/', domain=None) +.. method:: HttpResponse.delete_cookie(key, path='/', domain=None, samesite=None) Deletes the cookie with the given key. Fails silently if the key doesn't exist. @@ -850,6 +850,10 @@ Methods values you used in ``set_cookie()`` -- otherwise the cookie may not be deleted. + .. versionchanged:: 2.2.15 + + The ``samesite`` argument was added. + .. method:: HttpResponse.close() This method is called at the end of the request directly by the WSGI |
