Vineeth Vishwanath

Reputation: 161

CSRF_COOKIE_SAMESITE equivalent for django 1.6.5

I am trying to launch my application, which was written using Django 1.6.5, in a Salesforce web tab iframe. I was getting a "CSRF cookie not set" error while trying to log in. I understood through the console logs that the latest version of Chrome only allows cookies which are set with 'secure'=True and samesite=None. I understood that these settings can be added in settings.py in later versions of Django:

    SESSION_COOKIE_SAMESITE = 'None'
    CSRF_COOKIE_SAMESITE = 'None'
    SESSION_COOKIE_SECURE = True
    CSRF_COOKIE_SECURE = True

But this does not work in Django 1.6.5. I have been trying to find out how to apply these settings in my version.

Upvotes: 3

Views: 2894

Answers (1)

Vineeth Vishwanath

Reputation: 161

There is no support for the samesite setting in Django 1.6.5, which is why adding those in settings.py did not work. Django 3.1 is where they started to support this setting. I tried adding my own middleware to add the setting to the cookies, but I got an invalid field error. Then I found a library I can use for this: django-cookies-samesite. I was able to set samesite to None and secure to True, and then I was able to log in through the Salesforce web tab.

  1. Add these in settings.py:

     SESSION_COOKIE_SAMESITE = 'None'
     SESSION_COOKIE_SAMESITE_FORCE_ALL = True
     SESSION_COOKIE_SECURE = True
     CSRF_COOKIE_SECURE = True

  2. And add this in the MIDDLEWARE_CLASSES:

     'django_cookies_samesite.middleware.CookiesSameSite',

Relevant sites I got the info from:

https://github.com/django/django/pull/8380/files

https://pypi.org/project/django-cookies-samesite/

Upvotes: 4
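
The answer above mentions a hand-written middleware failing with an invalid field error. As an added example (not part of the original answer and not django-cookies-samesite's code): before Python 3.8 the standard library's cookie `Morsel` rejects the `samesite` attribute, which is a likely cause of that error, so an old-style middleware has to register the attribute first. The class name `SameSiteNoneMiddleware` is hypothetical, and the cookie names assume Django's defaults.

```python
# Added example: old-style (MIDDLEWARE_CLASSES) middleware for Django versions
# without SESSION_COOKIE_SAMESITE / CSRF_COOKIE_SAMESITE support.
try:
    import Cookie as cookies      # Python 2
except ImportError:
    from http import cookies      # Python 3

# Morsel only accepts attribute names listed in its _reserved table. Python
# gained "samesite" there in 3.8; on older interpreters setting it raises
# CookieError, so register it once at import time (a no-op on 3.8+).
cookies.Morsel._reserved.setdefault("samesite", "SameSite")

# Assumption: Django's default SESSION_COOKIE_NAME and CSRF_COOKIE_NAME.
# Only these are relaxed; every other cookie keeps the browser's default.
COOKIE_NAMES = ("sessionid", "csrftoken")


class SameSiteNoneMiddleware(object):
    """Mark the session and CSRF cookies as SameSite=None; Secure."""

    def process_response(self, request, response):
        # response.cookies is a SimpleCookie on a Django HttpResponse.
        for name in COOKIE_NAMES:
            if name in response.cookies:
                morsel = response.cookies[name]
                morsel["samesite"] = "None"
                # Chrome drops SameSite=None cookies that are not Secure,
                # so the two attributes are always set together.
                morsel["secure"] = True
        return response
```

List the class in MIDDLEWARE_CLASSES above the session and CSRF middleware so that its `process_response` runs after theirs have set the cookies. With SameSite=None the browser attaches these cookies to cross-site requests, so `CsrfViewMiddleware` must stay enabled and the site must be served over HTTPS.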
