From 240cbb63bf9965c63d7a3cc9032f91410f414d46 Mon Sep 17 00:00:00 2001 From: Mariusz Felisiak Date: Thu, 16 Jul 2020 08:16:58 +0200 Subject: Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in HttpResponse.delete_cookie(). Cookies with the "SameSite" flag set to None and without the "secure" flag will be soon rejected by latest browser versions. This affects sessions and messages cookies. --- docs/ref/request-response.txt | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'docs/ref') diff --git a/docs/ref/request-response.txt b/docs/ref/request-response.txt index 705da1842a..80e3e1e6ed 100644 --- a/docs/ref/request-response.txt +++ b/docs/ref/request-response.txt @@ -890,7 +890,7 @@ Methods Using ``samesite='None'`` (string) was allowed. -.. method:: HttpResponse.delete_cookie(key, path='/', domain=None) +.. method:: HttpResponse.delete_cookie(key, path='/', domain=None, samesite=None) Deletes the cookie with the given key. Fails silently if the key doesn't exist. @@ -899,6 +899,10 @@ Methods values you used in ``set_cookie()`` -- otherwise the cookie may not be deleted. + .. versionchanged:: 2.2.15 + + The ``samesite`` argument was added. + .. method:: HttpResponse.close() This method is called at the end of the request directly by the WSGI -- cgit v1.3