diff options
| author | Michael Merickel <michael@merickel.org> | 2018-06-11 10:28:52 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-06-11 10:28:52 -0500 |
| commit | 2fd7905a9d4427ea6dbeaff35f44855c824e470d (patch) | |
| tree | bbbef8a36a0bc6ee07545737f94f7505c5e8d232 /CHANGES.rst | |
| parent | aaed8d498ae255c27109e0b40736ca93ed7a4093 (diff) | |
| parent | 34bbcc83ddb9052f803c62eaedbe7308809d9416 (diff) | |
| download | pyramid-2fd7905a9d4427ea6dbeaff35f44855c824e470d.tar.gz pyramid-2fd7905a9d4427ea6dbeaff35f44855c824e470d.tar.bz2 pyramid-2fd7905a9d4427ea6dbeaff35f44855c824e470d.zip | |
Merge pull request #3300 from Pylons/feature/session-samesite-lax
Feature: Default session cookies to SameSite=Lax
Diffstat (limited to 'CHANGES.rst')
| -rw-r--r-- | CHANGES.rst | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/CHANGES.rst b/CHANGES.rst index de7ad0f8a..aeb7c3f9a 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -30,6 +30,13 @@ Features route_prefix for ``include`` and ``add_route`` calls inside the context. See https://github.com/Pylons/pyramid/pull/3279 +- Modify the builtin session implementations to support SameSite options on + cookies and set the default to ``'Lax'``. This affects + ``pyramid.session.BaseCookieSessionFactory``, + ``pyramid.session.SignedCookieSessionFactory``, and + ``pyramid.session.UnencryptedCookieSessionFactoryConfig``. + See https://github.com/Pylons/pyramid/pull/3300 + Bug Fixes --------- @@ -59,6 +66,12 @@ Backward Incompatibilities from a feature removed in Pyramid 1.5 and has had no effect since then. See https://github.com/Pylons/pyramid/pull/3299 +- Modify the builtin session implementations to set ``SameSite='Lax'`` on + cookies. This affects ``pyramid.session.BaseCookieSessionFactory``, + ``pyramid.session.SignedCookieSessionFactory``, and + ``pyramid.session.UnencryptedCookieSessionFactoryConfig``. + See https://github.com/Pylons/pyramid/pull/3300 + Documentation Changes --------------------- |