diff options
| author | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-07-16 08:16:58 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-07-16 08:16:58 +0200 |
| commit | 240cbb63bf9965c63d7a3cc9032f91410f414d46 (patch) | |
| tree | 14d5fcd1e195f9ceae2c04082a56dfc978f291cb /docs | |
| parent | 156a2138db20abc89933121e4ff2ee2ce56a173a (diff) | |
Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in HttpResponse.delete_cookie().
Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.
This affects sessions and messages cookies.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/ref/request-response.txt | 6 | ||||
| -rw-r--r-- | docs/releases/2.2.15.txt | 17 | ||||
| -rw-r--r-- | docs/releases/3.0.9.txt | 7 | ||||
| -rw-r--r-- | docs/releases/index.txt | 1 |
4 files changed, 29 insertions, 2 deletions
diff --git a/docs/ref/request-response.txt b/docs/ref/request-response.txt index 705da1842a..80e3e1e6ed 100644 --- a/docs/ref/request-response.txt +++ b/docs/ref/request-response.txt @@ -890,7 +890,7 @@ Methods Using ``samesite='None'`` (string) was allowed. -.. method:: HttpResponse.delete_cookie(key, path='/', domain=None) +.. method:: HttpResponse.delete_cookie(key, path='/', domain=None, samesite=None) Deletes the cookie with the given key. Fails silently if the key doesn't exist. @@ -899,6 +899,10 @@ Methods values you used in ``set_cookie()`` -- otherwise the cookie may not be deleted. + .. versionchanged:: 2.2.15 + + The ``samesite`` argument was added. + .. method:: HttpResponse.close() This method is called at the end of the request directly by the WSGI diff --git a/docs/releases/2.2.15.txt b/docs/releases/2.2.15.txt new file mode 100644 index 0000000000..9bd2246b44 --- /dev/null +++ b/docs/releases/2.2.15.txt @@ -0,0 +1,17 @@ +=========================== +Django 2.2.15 release notes +=========================== + +*Expected August 3, 2020* + +Django 2.2.15 fixes a bug in 2.2.14. + +Bugfixes +======== + +* Allowed setting the ``SameSite`` cookie flag in + :meth:`.HttpResponse.delete_cookie` (:ticket:`31790`). + +* Fixed setting the ``Secure`` cookie flag in + :meth:`.HttpResponse.delete_cookie` for cookies that use ``samesite='none'`` + (:ticket:`31790`). diff --git a/docs/releases/3.0.9.txt b/docs/releases/3.0.9.txt index adc0f30b10..08e16a681f 100644 --- a/docs/releases/3.0.9.txt +++ b/docs/releases/3.0.9.txt @@ -9,4 +9,9 @@ Django 3.0.9 fixes several bugs in 3.0.8. Bugfixes ======== -* ... +* Allowed setting the ``SameSite`` cookie flag in + :meth:`.HttpResponse.delete_cookie` (:ticket:`31790`). + +* Fixed setting the ``Secure`` cookie flag in + :meth:`.HttpResponse.delete_cookie` for cookies that use ``samesite='none'`` + (:ticket:`31790`). diff --git a/docs/releases/index.txt b/docs/releases/index.txt index e7f1517902..d37faf03c7 100644 --- a/docs/releases/index.txt +++ b/docs/releases/index.txt @@ -55,6 +55,7 @@ versions of the documentation contain the release notes for any later releases. .. toctree:: :maxdepth: 1 + 2.2.15 2.2.14 2.2.13 2.2.12 |
