summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorMariusz Felisiak <felisiak.mariusz@gmail.com>2020-07-16 08:16:58 +0200
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2020-07-16 08:17:45 +0200
commit3ca8cc0df14066133321c186758191f33a26a217 (patch)
tree533109e06ab0ef6c469cedaa176c06de285b354f /docs
parentac699ba647e5d8d764dae1d9cca0562d421ddee2 (diff)
[3.1.x] Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in HttpResponse.delete_cookie().
Cookies with the "SameSite" flag set to None and without the "secure" flag will be soon rejected by latest browser versions. This affects sessions and messages cookies. Backport of 240cbb63bf9965c63d7a3cc9032f91410f414d46 from master
Diffstat (limited to 'docs')
-rw-r--r--docs/ref/request-response.txt6
-rw-r--r--docs/releases/2.2.15.txt17
-rw-r--r--docs/releases/3.0.9.txt7
-rw-r--r--docs/releases/index.txt1
4 files changed, 29 insertions, 2 deletions
diff --git a/docs/ref/request-response.txt b/docs/ref/request-response.txt
index 3c63af5978..86a55bc45d 100644
--- a/docs/ref/request-response.txt
+++ b/docs/ref/request-response.txt
@@ -902,7 +902,7 @@ Methods
Using ``samesite='None'`` (string) was allowed.
-.. method:: HttpResponse.delete_cookie(key, path='/', domain=None)
+.. method:: HttpResponse.delete_cookie(key, path='/', domain=None, samesite=None)
Deletes the cookie with the given key. Fails silently if the key doesn't
exist.
@@ -911,6 +911,10 @@ Methods
values you used in ``set_cookie()`` -- otherwise the cookie may not be
deleted.
+ .. versionchanged:: 2.2.15
+
+ The ``samesite`` argument was added.
+
.. method:: HttpResponse.close()
This method is called at the end of the request directly by the WSGI
diff --git a/docs/releases/2.2.15.txt b/docs/releases/2.2.15.txt
new file mode 100644
index 0000000000..9bd2246b44
--- /dev/null
+++ b/docs/releases/2.2.15.txt
@@ -0,0 +1,17 @@
+===========================
+Django 2.2.15 release notes
+===========================
+
+*Expected August 3, 2020*
+
+Django 2.2.15 fixes a bug in 2.2.14.
+
+Bugfixes
+========
+
+* Allowed setting the ``SameSite`` cookie flag in
+ :meth:`.HttpResponse.delete_cookie` (:ticket:`31790`).
+
+* Fixed setting the ``Secure`` cookie flag in
+ :meth:`.HttpResponse.delete_cookie` for cookies that use ``samesite='none'``
+ (:ticket:`31790`).
diff --git a/docs/releases/3.0.9.txt b/docs/releases/3.0.9.txt
index adc0f30b10..08e16a681f 100644
--- a/docs/releases/3.0.9.txt
+++ b/docs/releases/3.0.9.txt
@@ -9,4 +9,9 @@ Django 3.0.9 fixes several bugs in 3.0.8.
Bugfixes
========
-* ...
+* Allowed setting the ``SameSite`` cookie flag in
+ :meth:`.HttpResponse.delete_cookie` (:ticket:`31790`).
+
+* Fixed setting the ``Secure`` cookie flag in
+ :meth:`.HttpResponse.delete_cookie` for cookies that use ``samesite='none'``
+ (:ticket:`31790`).
diff --git a/docs/releases/index.txt b/docs/releases/index.txt
index 1d9c4fe635..3bc80ccd2e 100644
--- a/docs/releases/index.txt
+++ b/docs/releases/index.txt
@@ -48,6 +48,7 @@ versions of the documentation contain the release notes for any later releases.
.. toctree::
:maxdepth: 1
+ 2.2.15
2.2.14
2.2.13
2.2.12