Middleware

class polaris.middleware.PolarisSameSiteMiddleware(get_response)

Middleware to add a SameSite=None attribute to the session cookie for deposit/webapp responses. This is a workaround in place of django.http.HttpResponse.set_cookie, which does not allow samesite values of None.

Polaris developers MUST add this class to their Django app’s settings.MIDDLEWARE. Specifically, the class must be listed above django.contrib.sessions.middleware.SessionMiddleware, like so:

    MIDDLEWARE = [
        'django.middleware.security.SecurityMiddleware',
        'polaris.middleware.PolarisSameSiteMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.middleware.common.CommonMiddleware',
        'django.middleware.csrf.CsrfViewMiddleware',
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django.contrib.messages.middleware.MessageMiddleware',
        'django.middleware.clickjacking.XFrameOptionsMiddleware',
    ]
Fix: https://github.com/django/django/pull/11894/files
Boilerplate code from: https://docs.djangoproject.com/en/2.2/topics/http/middleware
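
Why the class has to be listed above SessionMiddleware, shown as an added example that is not Polaris's own code: Django runs the response phase of its middleware from the bottom of the list upward, so only an entry above SessionMiddleware sees the session cookie after it has been set. The stand-ins below use only the standard library; the function names, the constructed cookie value, the initial `Lax` value and the added `Secure` flag are assumptions, and the deposit/webapp path restriction is left out.

```python
from http.cookies import SimpleCookie

SESSION_COOKIE_NAME = "sessionid"  # Django's default session cookie name


class FakeResponse:
    """Stand-in for django.http.HttpResponse: only the cookie jar is modelled."""
    def __init__(self):
        self.cookies = SimpleCookie()


def view(request):
    return FakeResponse()


def session_middleware(get_response):
    """Stand-in for SessionMiddleware: sets the session cookie on the way out."""
    def middleware(request):
        response = get_response(request)
        response.cookies[SESSION_COOKIE_NAME] = "constructed-session-key"
        response.cookies[SESSION_COOKIE_NAME]["samesite"] = "Lax"  # assumed initial value
        return response
    return middleware


def samesite_none_middleware(get_response):
    """Hypothetical sketch: rewrite SameSite once the inner layers have returned."""
    def middleware(request):
        response = get_response(request)
        morsel = response.cookies.get(SESSION_COOKIE_NAME)
        if morsel is not None:  # cookie exists only if SessionMiddleware already ran
            morsel["samesite"] = "None"
            morsel["secure"] = True  # assumption: browsers want Secure with SameSite=None
        return response
    return middleware


def build_chain(middleware_list, view_func):
    """Wrap the view as Django does: the first list entry ends up outermost."""
    handler = view_func
    for factory in reversed(middleware_list):
        handler = factory(handler)
    return handler


def session_cookie_header(middleware_list):
    """Return the session cookie's Set-Cookie value for a given ordering."""
    response = build_chain(middleware_list, view)({})
    return response.cookies[SESSION_COOKIE_NAME].OutputString()
```

Calling `session_cookie_header` with the rewriting middleware listed first yields a cookie carrying `SameSite=None`; with the two entries swapped the cookie leaves unchanged, which is the misconfiguration to check for in `settings.MIDDLEWARE`.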