Merge pull request #3319 from Pylons/feature/more-samesite-work

Support samesite option in AuthtktAuthenticationPolicy and CookieCSRFStoragePolicy
author: Michael Merickel <michael@merickel.org> 2018-08-10 10:57:07 -0500
committer: GitHub <noreply@github.com> 2018-08-10 10:57:07 -0500
commit: 3a89ed345c4cf98f0b890737d78220e61c0c53e4 (patch)
tree: 666862c069fce963e4fac454b767f08586687686 /CHANGES.rst
parent: 0760eba8fd5a0d8f0424c329ce92e9fb8d003f11 (diff)
parent: 3ee04cc62205b10eb9041b0df5e156936765202f (diff)
download: pyramid-3a89ed345c4cf98f0b890737d78220e61c0c53e4.tar.gz
pyramid-3a89ed345c4cf98f0b890737d78220e61c0c53e4.tar.bz2
pyramid-3a89ed345c4cf98f0b890737d78220e61c0c53e4.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES.rst b/CHANGES.rst
index 6ccd69a47..91dadfa79 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -37,6 +37,11 @@ Features
   ``pyramid.session.UnencryptedCookieSessionFactoryConfig``.
   See https://github.com/Pylons/pyramid/pull/3300
 
+- Modify ``pyramid.authentication.AuthTktAuthenticationPolicy`` and
+  ``pyramid.csrf.CookieCSRFStoragePolicy`` to support the SameSite option on
+  cookies and set the default to ``'Lax'``.
+  See https://github.com/Pylons/pyramid/pull/3319
+
 - Added new ``pyramid.httpexceptions.HTTPPermanentRedirect``
   exception/response object for a HTTP 308 redirect.
   See https://github.com/Pylons/pyramid/pull/3302
author	Michael Merickel <michael@merickel.org>	2018-08-10 10:57:07 -0500
committer	GitHub <noreply@github.com>	2018-08-10 10:57:07 -0500
commit	3a89ed345c4cf98f0b890737d78220e61c0c53e4 (patch)
tree	666862c069fce963e4fac454b767f08586687686 /CHANGES.rst
parent	0760eba8fd5a0d8f0424c329ce92e9fb8d003f11 (diff)
parent	3ee04cc62205b10eb9041b0df5e156936765202f (diff)
download	pyramid-3a89ed345c4cf98f0b890737d78220e61c0c53e4.tar.gz pyramid-3a89ed345c4cf98f0b890737d78220e61c0c53e4.tar.bz2 pyramid-3a89ed345c4cf98f0b890737d78220e61c0c53e4.zip