SESSION_COOKIES_SAMESITE has to be 'strict' or 'lax'
hazymoon22 opened this issue · 6 comments
- django-cookies-samesite version: 0.5
- Django version: 2.2.7
- Python version: 3.7
- Operating System: Linux
Description
Chrome now explicitly wants us to set SameSite = "None" to use cross-domain cookies.
Django version 2.2.7 does not allow for SESSION_COOKIES_SAMESITE = "None".
What I Did
Install django-cookies-samesite with: pip install django-cookies-samesite
Add this on top of MIDDLEWARE: 'django_cookies_samesite.middleware.CookiesSameSite'
Set SESSION_COOKIES_SAMESITE = "None" in settings.py
Deploy the app with Docker
Result
Encountered this error when accessing the webapp:
ValueError: samesite must be "lax" or "strict".
@Fuih Hey,
It looks like Django produces that error because it uses the same setting and that creates a conflict.
A potential workaround for this problem is to use different names for those conflicting settings.
Is a fix for this on the way?
@Fuih Hey,
Can you download the latest release (0.5.1) and add the following setting:
DCS_SESSION_COOKIES_SAMESITE = 'none'
and tell me if that fixed your problem?
@jotes
After I followed the instructions, Django no longer throws the error. But since Chrome now requires that SameSite = "None" come with Secure = True in order to use cross-domain cookies, and I don't have HTTPS implemented, I can't test whether the package works or not, sorry about that.
@Fuih Don't worry :-) I'm going to close this issue then, because the workaround seems to work.
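The Chrome requirement mentioned in the thread (SameSite=None has to come with Secure) can be checked on the Set-Cookie headers a deployment emits, without needing a browser. This is an added example, not code from the thread or from django-cookies-samesite; the function names, finding codes and sample header values are constructed for illustration.

```python
# Added example: audit Set-Cookie header values for the SameSite/Secure pairing.
# All names and sample values below are constructed, not taken from the project.

VALID_SAMESITE = {"none", "lax", "strict"}


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie_name, attrs).

    Attribute names are lower-cased; flag attributes (Secure, HttpOnly)
    map to an empty string.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookie(header_value):
    """Return (cookie_name, [finding codes]) for one Set-Cookie value."""
    name, attrs = parse_set_cookie(header_value)
    findings = []
    samesite = attrs.get("samesite")
    if samesite is None:
        findings.append("samesite-missing")  # browser default applies
    elif samesite.lower() not in VALID_SAMESITE:
        findings.append("samesite-invalid")
    elif samesite.lower() == "none" and "secure" not in attrs:
        # The case from the thread: SameSite=None served without Secure.
        findings.append("samesite-none-without-secure")
    return name, findings


# Constructed sample headers, e.g. as copied from `curl -I` output.
SAMPLE_HEADERS = [
    "sessionid=abc123; HttpOnly; Path=/; SameSite=None",
    "sessionid=abc123; HttpOnly; Path=/; SameSite=None; Secure",
    "csrftoken=xyz789; Path=/; SameSite=Lax",
    "legacy=1; Path=/",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(audit_cookie(header))
```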