Fixed #30862 -- Allowed setting SameSite cookies flags to 'none'.

Thanks Florian Apolloner and Carlton Gibson for reviews.
author: Osaetin Daniel <osaetindaniel@gmail.com> 2019-10-09 07:42:55 -0400
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2019-12-12 10:52:31 +0100
commit: b33bfc383935cd26e19a2cf71d066ac6edd1425f (patch)
tree: 660d196a06d609d7ed98c4052c93d584fb2b5948 /django/http
parent: 14e690ae5a6d4ddeb1ac021f78e2e6e333214ef8 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/django/http/response.py b/django/http/response.py
index 269953c0af..596732a5b8 100644
--- a/django/http/response.py
+++ b/django/http/response.py
@@ -197,8 +197,8 @@ class HttpResponseBase:
         if httponly:
             self.cookies[key]['httponly'] = True
         if samesite:
-            if samesite.lower() not in ('lax', 'strict'):
-                raise ValueError('samesite must be "lax" or "strict".')
+            if samesite.lower() not in ('lax', 'none', 'strict'):
+                raise ValueError('samesite must be "lax", "none", or "strict".')
             self.cookies[key]['samesite'] = samesite
 
     def setdefault(self, key, value):
author	Osaetin Daniel <osaetindaniel@gmail.com>	2019-10-09 07:42:55 -0400
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2019-12-12 10:52:31 +0100
commit	b33bfc383935cd26e19a2cf71d066ac6edd1425f (patch)
tree	660d196a06d609d7ed98c4052c93d584fb2b5948 /django/http
parent	14e690ae5a6d4ddeb1ac021f78e2e6e333214ef8 (diff)