#29975: Password reset emails in combination with click tracking do not work
with
Intelligent Tracking Prevention on Safari for iOS 12 and macOS Mojave
-------------------------------------+-------------------------------------
Reporter: Mat Gadd | Owner: nobody
Type: Bug | Status: new
Component: contrib.auth | Version: 2.1
Severity: Normal | Resolution:
Keywords: safari, privacy, | Triage Stage: Accepted
auth, password reset |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Mat Gadd):
Hi all,
Thanks to the excellent work by Flávio Juvenal over on ticket #30250, we
now have a workaround for this issue. It turns out to be a
[https://bugs.webkit.org/show_bug.cgi?id=188165 bug in Safari] where it
incorrectly handles cookies set with `SameSite=lax`, so setting
`CSRF_COOKIE_SAMESITE` and `SESSION_COOKIE_SAMESITE` to `None` in your
project settings will avoid this issue until Apple get around to deploying
a fix for Safari.
--
Ticket URL: <https://code.djangoproject.com/ticket/29975#comment:7>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/064.eb7b444087b3b1192dca884dd9635da5%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
