Skip to content

Commit

Permalink
Add samesite attribute in the delete_cookie call
Browse files Browse the repository at this point in the history
  • Loading branch information
vamonte committed Sep 17, 2020
1 parent d6ff1f0 commit 80fb7ae
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions rest_framework_simplejwt/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
from .exceptions import InvalidToken, TokenError

#Need to set samesite to None. (Available in django 3.1)
# set secure to True with None
class Response(R):

def set_cookie(self, key, value='', max_age=None, expires=None, path='/',
Expand Down Expand Up @@ -56,7 +57,7 @@ def set_cookie(self, key, value='', max_age=None, expires=None, path='/',
self.cookies[key]['path'] = path
if domain is not None:
self.cookies[key]['domain'] = domain
if secure:
if secure or samesite == 'none':
self.cookies[key]['secure'] = True
if httponly:
self.cookies[key]['httponly'] = True
Expand Down Expand Up @@ -256,12 +257,14 @@ def delete_auth_cookies(self, response):
response.delete_cookie(
api_settings.AUTH_COOKIE,
domain=api_settings.AUTH_COOKIE_DOMAIN,
path=api_settings.AUTH_COOKIE_PATH
path=api_settings.AUTH_COOKIE_PATH,
samesite=api_settings.AUTH_COOKIE_SAMESITE
)
response.delete_cookie(
'{}_refresh'.format(api_settings.AUTH_COOKIE),
domain=None,
path=reverse(self.token_refresh_view_name),
samesite=api_settings.AUTH_COOKIE_SAMESITE
)


Expand Down

0 comments on commit 80fb7ae

Please sign in to comment.