Middleware

class polaris.middleware.PolarisSameSiteMiddleware

Middleware to add a SameSite=None attribute to the session cookie for deposit/webapp responses. This is a workaround used in place of django.http.HttpResponse.set_cookie, which does not accept a samesite value of None.

This is only required if you want to support clients that open interactive URLs in iframes in addition to the recommended strategy of using popups.

If used, the class must be listed above django.contrib.sessions.middleware.SessionMiddleware, like so:

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'polaris.middleware.PolarisSameSiteMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
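
Why the ordering matters, as an added example that is not Polaris or Django code: Django runs response processing from the bottom of MIDDLEWARE upward, so only a class listed above SessionMiddleware sees the session cookie after it has been set. The two middleware functions, the Response class and the cookie value below are simplified, hypothetical stand-ins built on the standard library.

```python
from http.cookies import SimpleCookie


class Response:
    """Minimal response object: only carries cookies."""
    def __init__(self):
        self.cookies = SimpleCookie()


def session_middleware(get_response):
    # Stand-in for SessionMiddleware: writes the session cookie on the way out.
    def middleware(request):
        response = get_response(request)
        response.cookies["sessionid"] = "constructed-session-id"
        response.cookies["sessionid"]["secure"] = True
        return response
    return middleware


def samesite_none_middleware(get_response):
    # Hypothetical stand-in for the workaround: it can only rewrite a
    # session cookie that is already present on the response it receives.
    def middleware(request):
        response = get_response(request)
        if "sessionid" in response.cookies:
            response.cookies["sessionid"]["samesite"] = "None"
        return response
    return middleware


def build_chain(factories, view):
    # As in Django, the first entry in the list is the outermost layer,
    # so it handles the response after every entry listed below it.
    handler = view
    for factory in reversed(factories):
        handler = factory(handler)
    return handler


def session_cookie_samesite(factories):
    """Return the SameSite value of the session cookie ('' if unset)."""
    handler = build_chain(factories, lambda request: Response())
    return handler({}).cookies["sessionid"]["samesite"]


if __name__ == "__main__":
    print(repr(session_cookie_samesite([samesite_none_middleware, session_middleware])))
    print(repr(session_cookie_samesite([session_middleware, samesite_none_middleware])))
```

Browsers that enforce current SameSite rules accept SameSite=None only on cookies that are also marked Secure, so SESSION_COOKIE_SECURE should be enabled alongside this middleware.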

Fix: https://github.com/django/django/pull/11894

Boilerplate code from: https://docs.djangoproject.com/en/2.2/topics/http/middleware