fix flake8

refactor
Remove partitioned cookies for Safari
2026-04-23 23:22:32 +00:00 · 2026-02-20 11:26:30 +01:00 · 2026-02-20 11:08:46 +01:00 · 2026-02-20 11:03:11 +01:00 · 2026-02-20 10:08:51 +01:00
1 changed files with 25 additions and 17 deletions
--- a/src/pretix/helpers/cookies.py
+++ b/src/pretix/helpers/cookies.py
@@ -34,9 +34,7 @@ def set_cookie_without_samesite(request, response, key, *args, **kwargs):
    if not is_secure:
        # https://www.chromestatus.com/feature/5633521622188032
        return
-
    useragent = request.headers.get('User-Agent', '')
-
    if should_send_same_site_none(useragent):
        # Chromium is rolling out SameSite=Lax as a default
        # https://www.chromestatus.com/feature/5088147346030592
@@ -47,13 +45,33 @@ def set_cookie_without_samesite(request, response, key, *args, **kwargs):
        # This will only work on secure cookies as well
        # https://www.chromestatus.com/feature/5633521622188032
        response.cookies[key]['secure'] = is_secure
+        # CHIPS
+        response.cookies[key]['Partitioned'] = True

-        if can_send_partitioned_cookie(useragent):
-            # CHIPS
-            response.cookies[key]['Partitioned'] = True
+        if has_safari_partitioned_bug(useragent):
+            # There may be partitioned cookies set from previous sessions, which override
+            # these non-partitioned ones. Delete these partitioned cookies.
+            response.delete_cookie(key)
+            response.cookies[key + ":Partitioned"] = response.cookies[key]
+            del response.cookies[key]
+
+            # re-set the cookie without Partitioned
+            response.set_cookie(key, *args, **kwargs)
+            response.cookies[key]['samesite'] = 'None'
+            response.cookies[key]['secure'] = is_secure


-def can_send_partitioned_cookie(useragent):
+# Based on https://www.chromium.org/updates/same-site/incompatible-clients
+# Copyright 2019 Google LLC.
+# SPDX-License-Identifier: Apache-2.0
+
+
+def should_send_same_site_none(useragent):
+    # Don’t send `SameSite=None` to known incompatible clients.
+    return not has_web_kit_same_site_bug(useragent) and not drops_unrecognized_same_site_cookies(useragent)
+
+
+def has_safari_partitioned_bug(useragent):
    # Safari currently exhibits a bug where Partitioned cookies (CHIPS) are not
    # sent back to the originating site after multi-hop cross-site redirects,
    # breaking SSO login flows in pretix.
@@ -69,17 +87,7 @@ def can_send_partitioned_cookie(useragent):
    #
    #   - https://bugs.webkit.org/show_bug.cgi?id=292975
    #   - https://bugs.webkit.org/show_bug.cgi?id=306194
-    return not is_safari(useragent)
-
-
-# Based on https://www.chromium.org/updates/same-site/incompatible-clients
-# Copyright 2019 Google LLC.
-# SPDX-License-Identifier: Apache-2.0
-
-
-def should_send_same_site_none(useragent):
-    # Don’t send `SameSite=None` to known incompatible clients.
-    return not has_web_kit_same_site_bug(useragent) and not drops_unrecognized_same_site_cookies(useragent)
+    return is_safari(useragent)


 def has_web_kit_same_site_bug(useragent):
Author	SHA1	Message	Date
Richard Schreiber	f71091634f	fix flake8	2026-02-20 11:26:30 +01:00
Richard Schreiber	f20b217621	refactor	2026-02-20 11:08:46 +01:00
Richard Schreiber	37fb03fe15	Remove partitioned cookies for Safari	2026-02-20 11:03:11 +01:00
Raphael Michel	769e1312d4	Revert "Disable partitioned cookies for Safari due to WebKit bugs (#5843 )" This reverts commit `fbd8bbbeaa`.	2026-02-20 10:08:51 +01:00