forked from CGM_Public/pretix_original
upstream/2026.5.0 #17
Reference in New Issue
Block a user
Delete Branch "upstream/2026.5.0"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Due to a Safari bug, in some browser, two csrftoken cookies with different values exist: one unpartitioned, one partitioned ("CHIPS"). This function generates an additional Set-Cookie header to get rid of the unpartitioned one. As Django usually only allows one Set-Cookie header per cookie name, we need to manually create a cookie 'Morsel' for the deletion and store it in the HttpResponse's cookie dictionary under a different name, so it is not overwritten by the actual, correct Set-Cookie header. This works because the code in django.core.handlers.wsgi/asgi, that generates the actual Set-Cookie headers, only iterates over cookie.values(), ignoring the keys.