Set cookies with SameSite=None if possible (#1509)

2026-05-10 16:04:02 +00:00 · 2019-12-03 14:50:18 +01:00
parent 098b7363e6
commit d46278f04f
5 changed files with 184 additions and 22 deletions
--- a/src/pretix/presale/views/locale.py
+++ b/src/pretix/presale/views/locale.py
@@ -5,6 +5,8 @@ from django.http import HttpResponseRedirect
 from django.utils.http import is_safe_url
 from django.views.generic import View

+from pretix.helpers.cookies import set_cookie_without_samesite
+
 from .robots import NoSearchIndexViewMixin


@@ -19,9 +21,14 @@ class LocaleSet(NoSearchIndexViewMixin, View):
        if locale in [lc for lc, ll in settings.LANGUAGES]:

            max_age = 10 * 365 * 24 * 60 * 60
-            resp.set_cookie(settings.LANGUAGE_COOKIE_NAME, locale, max_age=max_age,
-                            expires=(datetime.utcnow() + timedelta(seconds=max_age)).strftime(
-                                '%a, %d-%b-%Y %H:%M:%S GMT'),
-                            domain=settings.SESSION_COOKIE_DOMAIN)
+            set_cookie_without_samesite(
+                request, resp,
+                settings.LANGUAGE_COOKIE_NAME,
+                locale,
+                max_age=max_age,
+                expires=(datetime.utcnow() + timedelta(seconds=max_age)).strftime(
+                    '%a, %d-%b-%Y %H:%M:%S GMT'),
+                domain=settings.SESSION_COOKIE_DOMAIN
+            )

        return resp