Middleware

class polaris.middleware.PolarisSameSiteMiddleware

Middleware to add a SameSite=None attribute to the session cookie for deposit/webapp responses. This is a workaround in place of django.http.HttpResponse.set_cookie, which does not allow samesite values of None.

This is only required if you want to support clients that open interactive URLs in iframes in addition to the recommended strategy of using popups.

If used, the class must be listed above django.contrib.sessions.middleware.SessionMiddleware, like so:

    MIDDLEWARE = [
        'django.middleware.security.SecurityMiddleware',
        'polaris.middleware.PolarisSameSiteMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.middleware.common.CommonMiddleware',
        'django.middleware.csrf.CsrfViewMiddleware',
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django.contrib.messages.middleware.MessageMiddleware',
        'django.middleware.clickjacking.XFrameOptionsMiddleware',
    ]

Fix: https://github.com/django/django/pull/11894
Boilerplate code from: https://docs.djangoproject.com/en/2.2/topics/http/middleware
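
Why the ordering requirement exists, as an added example that is not Polaris or Django code: Django wraps middleware so that the first entry in MIDDLEWARE is outermost and sees the response last, which is the only position from which the cookie already set by SessionMiddleware can be patched. The Response class, both middleware functions and the cookie value are constructed stand-ins built on the standard library's http.cookies; setting Secure together with SameSite=None is an assumption added here, because browsers that enforce the current SameSite rules reject such a cookie without it.

```python
from http.cookies import SimpleCookie

SESSION_COOKIE = "sessionid"  # Django's default SESSION_COOKIE_NAME

class Response:
    """Constructed stand-in for django.http.HttpResponse: just a cookie jar."""
    def __init__(self):
        self.cookies = SimpleCookie()

def session_middleware(get_response):
    """Stand-in for SessionMiddleware: sets the session cookie on the way out."""
    def middleware(request):
        response = get_response(request)
        response.cookies[SESSION_COOKIE] = "constructed-session-key"
        response.cookies[SESSION_COOKIE]["httponly"] = True
        return response
    return middleware

def samesite_none_middleware(get_response):
    """Hypothetical equivalent of the workaround: patch the cookie afterwards."""
    def middleware(request):
        response = get_response(request)
        morsel = response.cookies.get(SESSION_COOKIE)
        if morsel is not None:  # only possible if the cookie was already set
            morsel["samesite"] = "None"
            morsel["secure"] = True  # assumption added in this example
        return response
    return middleware

def build_chain(middleware_list, view):
    """Wrap the view the way Django does: the first entry ends up outermost."""
    handler = view
    for factory in reversed(middleware_list):
        handler = factory(handler)
    return handler

def session_cookie_flags(middleware_list):
    """Return (SameSite, Secure) of the session cookie the chain produces."""
    handler = build_chain(middleware_list, lambda request: Response())
    morsel = handler({}).cookies[SESSION_COOKIE]
    return morsel["samesite"], bool(morsel["secure"])

if __name__ == "__main__":
    print(session_cookie_flags([samesite_none_middleware, session_middleware]))
    print(session_cookie_flags([session_middleware, samesite_none_middleware]))
```

With the documented order the cookie leaves as SameSite=None; Secure. With the two entries swapped it leaves with neither attribute, because the cookie did not exist yet when the patching middleware handled the response.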