Middleware

class polaris.middleware.PolarisSameSiteMiddleware(get_response)

Middleware that adds a SameSite=None attribute to the session cookie for deposit/webapp responses. This is a workaround used in place of django.http.HttpResponse.set_cookie, which does not allow a samesite value of None.

Polaris developers MUST add this class to their Django app’s settings.MIDDLEWARE. Specifically, the class must be listed above django.contrib.sessions.middleware.SessionMiddleware, like so:

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'polaris.middleware.PolarisSameSiteMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

Fix: https://github.com/django/django/pull/11894/files

Boilerplate code from: https://docs.djangoproject.com/en/2.2/topics/http/middleware
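
Why the class must be listed above SessionMiddleware, shown as an added example that is not Polaris or Django code: Django runs response handling in reverse list order, so only a middleware listed earlier sees the cookie that SessionMiddleware sets. The `Response` class, both middleware functions, the `sessionid` value and the `Secure` flag are assumptions made for this sketch.

```python
from http.cookies import SimpleCookie


class Response:
    """Constructed stand-in for django.http.HttpResponse (cookies only)."""
    def __init__(self):
        self.cookies = SimpleCookie()


def view(request):
    return Response()


def session_middleware(get_response):
    """Stand-in for SessionMiddleware: sets the session cookie on the way out."""
    def middleware(request):
        response = get_response(request)
        response.cookies["sessionid"] = "constructed-session-key"
        return response
    return middleware


def samesite_none_middleware(get_response):
    """Hypothetical sketch of the workaround: patch the cookie if it exists."""
    def middleware(request):
        response = get_response(request)
        if "sessionid" in response.cookies:
            response.cookies["sessionid"]["samesite"] = "None"
            # Assumption: Secure is set too, since browsers such as Chrome
            # reject SameSite=None cookies that are not marked Secure.
            response.cookies["sessionid"]["secure"] = True
        return response
    return middleware


def build_chain(factories, inner_view):
    """Wrap the view the way Django does: first listed is outermost."""
    handler = inner_view
    for factory in reversed(factories):
        handler = factory(handler)
    return handler


def session_cookie_header(factories):
    """Return the Set-Cookie value produced for a given middleware order."""
    response = build_chain(factories, view)(None)
    return response.cookies["sessionid"].OutputString()
```

Listed below the session middleware, the patching middleware runs before the cookie exists and the header goes out without the attribute.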