Allow Setting Pinning Cookie Attributes #53
Hey @jbalogh, hope you are well! I just wanted to check to see if this change is something you would consider accepting at some point. (Full disclosure, @dchukhin is on my team at Caktus). We're happy to help in any way with merge and/or release. Thanks as always for the numerous Django packages we seem to find handy! 🙂
Hey, I'm not @jbalogh but I can review that, sorry for not catching it earlier.
Also: if you rebase/merge with
…s' into allow-setting-cookie-attributes
Add test for pinning cookie httponly, samesite, secure attributes
Hi @diox, I think these changes are what you were looking for. GitHub says you need to manually approve running CI on this PR because it's from a first-time contributor to this repository. Cheers!
Awesome, thanks for doing this
0.10 has been released with this change.
This pull request allows users to set the pinning cookie's 'Secure', 'HttpOnly', and 'SameSite' attributes by using settings, which are based on Django's `CSRF_COOKIE_SECURE`, `CSRF_COOKIE_HTTPONLY`, and `CSRF_COOKIE_SAMESITE` settings.

The defaults for these settings keep the current behavior: not Secure, not HttpOnly, and 'Lax' SameSite (currently, the SameSite attribute is unset, which should default to 'Lax' in browsers).

A part of this work also changes the `PINNING_COOKIE` and `PINNING_SECONDS` in `multidb/middleware.py` to be functions, so they can be tested more easily.
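Added example, not part of the pull request or the project's code: a standard-library sketch of how the three attributes change the `Set-Cookie` header, with a small audit of the result. The `PIN_COOKIE_*` setting names, the cookie name, its value and the max-age are hypothetical placeholders; only the default behaviour (not Secure, not HttpOnly, SameSite 'Lax') comes from the description above.

```python
from http.cookies import SimpleCookie

# Hypothetical setting names modelled on Django's CSRF_COOKIE_* trio; the
# defaults mirror the PR text: not Secure, not HttpOnly, SameSite 'Lax'.
DEFAULTS = {
    "PIN_COOKIE_SECURE": False,
    "PIN_COOKIE_HTTPONLY": False,
    "PIN_COOKIE_SAMESITE": "Lax",
}


def pinning_set_cookie(settings, name="pin_cookie_placeholder", max_age=15):
    """Build the Set-Cookie value for these settings (name/max_age constructed)."""
    cfg = {**DEFAULTS, **settings}
    jar = SimpleCookie()
    jar[name] = "y"  # constructed cookie value
    morsel = jar[name]
    morsel["path"] = "/"
    morsel["max-age"] = max_age
    if cfg["PIN_COOKIE_SECURE"]:
        morsel["secure"] = True
    if cfg["PIN_COOKIE_HTTPONLY"]:
        morsel["httponly"] = True
    if cfg["PIN_COOKIE_SAMESITE"]:
        morsel["samesite"] = cfg["PIN_COOKIE_SAMESITE"]
    return morsel.OutputString()


def audit_set_cookie(header):
    """Return the hardening attributes missing from a Set-Cookie value."""
    attrs = {}
    for part in header.split(";")[1:]:
        key, _, value = part.strip().partition("=")
        attrs[key.lower()] = value
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    samesite = attrs.get("samesite", "").lower()
    if not samesite:
        findings.append("missing SameSite")
    elif samesite == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None cookies that are not also Secure.
        findings.append("SameSite=None without Secure")
    return findings


if __name__ == "__main__":
    hardened = {"PIN_COOKIE_SECURE": True, "PIN_COOKIE_HTTPONLY": True}
    for label, conf in (("defaults", {}), ("hardened", hardened)):
        header = pinning_set_cookie(conf)
        print(label, "->", header, audit_set_cookie(header))
```

The same audit function can be pointed at `Set-Cookie` values captured from a staging response to confirm that the deployed settings took effect.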