From 1ecd13a9955848fbf44833ffcab919f07a11e02c Mon Sep 17 00:00:00 2001 From: Taksh Date: Wed, 24 Jun 2026 21:42:23 +0530 Subject: [PATCH] deprecate: remove DCS_SESSION_COOKIE_SAMESITE settings Replace legacy django-cookies-samesite settings with Django's native SESSION_COOKIE_SAMESITE in common and devstack envs. Co-authored-by: Cursor --- lms/envs/common.py | 5 ++--- lms/envs/devstack.py | 5 ++--- lms/envs/production.py | 4 ---- 3 files changed, 4 insertions(+), 10 deletions(-) diff --git a/lms/envs/common.py b/lms/envs/common.py index 828c7874152b..837154839ce5 100644 --- a/lms/envs/common.py +++ b/lms/envs/common.py @@ -989,9 +989,8 @@ ############################### DJANGO BUILT-INS ############################### -# django-session-cookie middleware -DCS_SESSION_COOKIE_SAMESITE = 'None' -DCS_SESSION_COOKIE_SAMESITE_FORCE_ALL = True +# SameSite=None is required for cross-site OAuth/SSO flows over HTTPS in production. +SESSION_COOKIE_SAMESITE = 'None' # LMS base LMS_BASE = 'localhost:18000' diff --git a/lms/envs/devstack.py b/lms/envs/devstack.py index 1043016a6b2b..9bdc8f19a765 100644 --- a/lms/envs/devstack.py +++ b/lms/envs/devstack.py @@ -474,9 +474,8 @@ def should_show_debug_toolbar(request): # pylint: disable=missing-function-docs ##################################################################### -# django-session-cookie middleware -DCS_SESSION_COOKIE_SAMESITE = 'Lax' -DCS_SESSION_COOKIE_SAMESITE_FORCE_ALL = True +# Browsers reject SameSite=None cookies on plain HTTP devstack hosts. +SESSION_COOKIE_SAMESITE = 'Lax' ########################## THEMING ####################### # If you want to enable theming in devstack, uncomment this section and add any relevant diff --git a/lms/envs/production.py b/lms/envs/production.py index b954841d59bc..7f635a4c351a 100644 --- a/lms/envs/production.py +++ b/lms/envs/production.py @@ -132,10 +132,6 @@ def get_env_setting(setting): DATA_DIR = path(DATA_DIR) # noqa: F405 -# TODO: This was for backwards compatibility back when installed django-cookie-samesite (not since 2022). -# The DCS_ version of the setting can be DEPR'd at this point. -SESSION_COOKIE_SAMESITE = DCS_SESSION_COOKIE_SAMESITE # noqa: F405 - for feature, value in _YAML_TOKENS.get('FEATURES', {}).items(): FEATURES[feature] = value