Added a patch for Django to permit cookie 'samesite' setting to be explicitly set to 'None'.

levkowetz · levkowetz · commit b8b69b1698f9 · 2020-07-08T13:46:34.000Z
- Legacy-Id: 18138
diff --git a/patch/add-django-http-cookie-value-none.patch b/patch/add-django-http-cookie-value-none.patch
@@ -0,0 +1,13 @@
+--- django/http//response.py.orig	2020-07-08 14:34:42.776562458 +0200
++++ django/http//response.py	2020-07-08 14:35:56.454687322 +0200
+@@ -197,8 +197,8 @@
+         if httponly:
+             self.cookies[key]['httponly'] = True
+         if samesite:
+-            if samesite.lower() not in ('lax', 'strict'):
+-                raise ValueError('samesite must be "lax" or "strict".')
++            if samesite.lower() not in ('lax', 'strict', 'none'):
++                raise ValueError('samesite must be "lax", "strict", or "none".')
+             self.cookies[key]['samesite'] = samesite
+ 
+     def setdefault(self, key, value):
