
This repository contains a middleware which automatically sets SameSite attribute for session and csrf cookies in legacy versions of Django.


FutureMind/django-cookies-samesite


django-cookies-samesite


Django 2.1.x introduces support for the SameSite flag on session and CSRF cookies.

Unfortunately, this functionality will not be ported to older versions of Django, e.g. 1.11.x.

This repository contains a middleware which automatically sets SameSite attribute for session and csrf cookies in legacy versions of Django.

Quickstart

Install django-cookies-samesite:

pip install django-cookies-samesite

Add the middleware to the top of MIDDLEWARE_CLASSES:

MIDDLEWARE_CLASSES = (
    'django_cookies_samesite.middleware.CookiesSameSite',
    ...
)

Set your preferred SameSite policy in settings.py:

SESSION_COOKIE_SAMESITE = 'Lax'

This can be 'Lax', 'Strict', or None to disable the flag.

You can also set this flag on your own custom cookies:

SESSION_COOKIE_SAMESITE_KEYS = {'my-custom-cookies'}

After that you should be able to see the SameSite flag set for session and CSRF cookies.
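One way to confirm the flag without opening a browser is to audit the `Set-Cookie` headers of a response. The script below is an added example, not code from this repository; it assumes Django's default cookie names (`sessionid`, `csrftoken`), the custom name from the setting above, and a constructed set of sample headers.

```python
# Added example: audit Set-Cookie headers for the SameSite attribute.
# Cookie names are assumptions: Django's defaults plus the custom name
# used in this README. Adjust them if your settings override the names.
EXPECTED_POLICY = "Lax"
COOKIES_TO_CHECK = {"sessionid", "csrftoken", "my-custom-cookies"}


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, {attribute: value})."""
    first, *rest = header_value.split(";")
    name, _, _value = first.strip().partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def audit_samesite(set_cookie_values, names=COOKIES_TO_CHECK, expected=EXPECTED_POLICY):
    """Return {cookie_name: problem} for watched cookies with a wrong or missing flag."""
    problems = {}
    for raw in set_cookie_values:
        name, attrs = parse_set_cookie(raw)
        if name not in names:
            continue  # cookies outside the watch list are not judged
        actual = attrs.get("samesite")
        if actual is None:
            problems[name] = "SameSite missing"
        elif actual.lower() != expected.lower():
            problems[name] = "SameSite=%s, expected %s" % (actual, expected)
    return problems


# Constructed sample headers (not captured from a real site).
SAMPLE_HEADERS = [
    "sessionid=abc123; HttpOnly; Path=/; SameSite=Lax",
    "csrftoken=def456; Path=/",
    "my-custom-cookies=1; Path=/; samesite=Strict",
    "theme=dark; Path=/",
]

if __name__ == "__main__":
    for cookie, problem in sorted(audit_samesite(SAMPLE_HEADERS).items()):
        print("%s: %s" % (cookie, problem))
```

To run it against a real deployment, replace `SAMPLE_HEADERS` with the `Set-Cookie` values returned by a login or form page.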

Running Tests

Does the code actually work?

source <YOURVIRTUALENV>/bin/activate
(myenv) $ pip install tox
(myenv) $ tox

Credits

Tools used in rendering this package:
