Fixed #27863 -- Added support for the SameSite cookie flag.

Thanks Alex Gaynor for contributing to the patch.
author: Alex Gaynor <alex.gaynor@gmail.com> 2018-04-13 20:58:31 -0400
committer: Tim Graham <timograham@gmail.com> 2018-04-13 20:58:31 -0400
commit: 9a56b4b13ed92d2d5bb00d6bdb905a73bc5f2f0a (patch)
tree: ddb311604d1ec31ec09c8ae12e34dadc821f7536 /django/middleware/csrf.py
parent: 13efbb233a9aa2e3f13be863c6616ec0767a0d58 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py
index a3a6eaf62f..10f878834d 100644
--- a/django/middleware/csrf.py
+++ b/django/middleware/csrf.py
@@ -190,6 +190,7 @@ class CsrfViewMiddleware(MiddlewareMixin):
                 path=settings.CSRF_COOKIE_PATH,
                 secure=settings.CSRF_COOKIE_SECURE,
                 httponly=settings.CSRF_COOKIE_HTTPONLY,
+                samesite=settings.CSRF_COOKIE_SAMESITE,
             )
             # Set the Vary header since content varies with the CSRF cookie.
             patch_vary_headers(response, ('Cookie',))
author	Alex Gaynor <alex.gaynor@gmail.com>	2018-04-13 20:58:31 -0400
committer	Tim Graham <timograham@gmail.com>	2018-04-13 20:58:31 -0400
commit	9a56b4b13ed92d2d5bb00d6bdb905a73bc5f2f0a (patch)
tree	ddb311604d1ec31ec09c8ae12e34dadc821f7536 /django/middleware/csrf.py
parent	13efbb233a9aa2e3f13be863c6616ec0767a0d58 (diff)