middleware: Set the correct options on the django_language cookie.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
Anders Kaseorg 2022-11-03 13:19:00 -07:00 committed by Tim Abbott
parent 53df35e698
commit 70dbeb197f
2 changed files with 15 additions and 2 deletions


@ -550,7 +550,16 @@ class LocaleMiddleware(DjangoLocaleMiddleware):
# and saved in the set_language flag so that it can be used here. # and saved in the set_language flag so that it can be used here.
set_language = RequestNotes.get_notes(request).set_language set_language = RequestNotes.get_notes(request).set_language
if set_language is not None: if set_language is not None:
response.set_cookie(settings.LANGUAGE_COOKIE_NAME, set_language) response.set_cookie(
settings.LANGUAGE_COOKIE_NAME,
set_language,
max_age=settings.LANGUAGE_COOKIE_AGE,
path=settings.LANGUAGE_COOKIE_PATH,
domain=settings.LANGUAGE_COOKIE_DOMAIN,
secure=settings.LANGUAGE_COOKIE_SECURE,
httponly=settings.LANGUAGE_COOKIE_HTTPONLY, # type: ignore[misc] # https://github.com/typeddjango/django-stubs/pull/1228
samesite=settings.LANGUAGE_COOKIE_SAMESITE,
)
return response return response
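Review bot: The keyword arguments now passed to `set_cookie` are the same set Django's own `django.views.i18n.set_language` view uses, and that relationship deserves a comment above the call so the two paths stay in sync when cookie settings change; something like `# Pass the same attributes django.views.i18n.set_language uses, so both code paths emit an identical language cookie.` would do. The `# type: ignore[misc]` on the `httponly=` line is justified only by the linked django-stubs pull request, so it is easy to forget once that fix ships; marking it `# TODO: drop once django-stubs includes PR 1228` keeps the suppression from outliving its reason. Note also that `secure=` and `samesite=` only take effect if the corresponding settings are defined, which this commit does in the settings file, so any future settings refactor needs to keep those in step. The enclosing method of LocaleMiddleware starts outside the hunk.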


@ -3,7 +3,7 @@ import os
import sys import sys
import time import time
from copy import deepcopy from copy import deepcopy
from typing import Any, Dict, List, Tuple, Union from typing import Any, Dict, Final, List, Tuple, Union
from urllib.parse import urljoin from urllib.parse import urljoin
from scripts.lib.zulip_tools import get_tornado_ports from scripts.lib.zulip_tools import get_tornado_ports
@ -398,6 +398,7 @@ else:
if PRODUCTION: if PRODUCTION:
SESSION_COOKIE_SECURE = True SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True CSRF_COOKIE_SECURE = True
LANGUAGE_COOKIE_SECURE = True
# https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-05#section-4.1.3.2 # https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-05#section-4.1.3.2
SESSION_COOKIE_NAME = "__Host-sessionid" SESSION_COOKIE_NAME = "__Host-sessionid"
@ -409,6 +410,9 @@ if PRODUCTION:
CSRF_COOKIE_HTTPONLY = True CSRF_COOKIE_HTTPONLY = True
CSRF_FAILURE_VIEW = "zerver.middleware.csrf_failure" CSRF_FAILURE_VIEW = "zerver.middleware.csrf_failure"
# Avoid a deprecation message in the Firefox console
LANGUAGE_COOKIE_SAMESITE: Final = "Lax"
if DEVELOPMENT: if DEVELOPMENT:
# Use fast password hashing for creating testing users when not # Use fast password hashing for creating testing users when not
# PRODUCTION. Saves a bunch of time. # PRODUCTION. Saves a bunch of time.
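Review bot: The comment above the new `LANGUAGE_COOKIE_SAMESITE: Final = "Lax"` line explains the Firefox console message but not the `Final` annotation, which is the part a reader is likely to stumble on since no neighbouring setting uses one. It is presumably there so mypy infers the literal `"Lax"` rather than plain `str` against the narrower type django-stubs declares for this setting, and that should be said explicitly, e.g. `# Final so mypy keeps the literal type django-stubs expects here`; please confirm that is the actual reason before wording it as fact. Placing `LANGUAGE_COOKIE_SECURE = True` next to `SESSION_COOKIE_SECURE` and `CSRF_COOKIE_SECURE` in the PRODUCTION block is consistent with the existing pattern, and the one-line addition needs no extra comment. The `if PRODUCTION:` block that receives the new setting continues past the first hunk, and the `if DEVELOPMENT:` block at the end runs past the section.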