Fix #1792: Lowercase all cookie keys, actually allow overriding the samesite value

matthiask · matthiask · commit 3b87b93a40d2 · 2023-06-05T12:55:42.000+02:00
diff --git a/debug_toolbar/static/debug_toolbar/js/toolbar.js b/debug_toolbar/static/debug_toolbar/js/toolbar.js
@@ -341,9 +341,9 @@ const djdt = {
                 options.path ? "; path=" + options.path : "",
                 options.domain ? "; domain=" + options.domain : "",
                 options.secure ? "; secure" : "",
-                "sameSite" in options
-                    ? "; sameSite=" + options.samesite
-                    : "; sameSite=Lax",
+                "samesite" in options
+                    ? "; samesite=" + options.samesite
+                    : "; samesite=lax",
             ].join("");
 
             return value;
diff --git a/docs/changes.rst b/docs/changes.rst
@@ -7,6 +7,8 @@ Pending
 * Adjusted app directories system check to allow for nested template loaders.
 * Switched from flake8, isort and pyupgrade to `ruff
   <https://beta.ruff.rs/>`__.
+* Converted cookie keys to lowercase. Fixed the ``samesite`` argument to
+  ``djdt.cookie.set``.
 
 4.1.0 (2023-05-15)
 ------------------
diff --git a/docs/panels.rst b/docs/panels.rst
@@ -421,7 +421,9 @@ common methods available.
     :param value: The value to be set.
 
     :param options: The options for the value to be set. It should contain the
-        properties ``expires`` and ``path``.
+        properties ``expires`` and ``path``. The properties ``domain``,
+        ``secure`` and ``samesite`` are also supported. ``samesite`` defaults
+        to ``lax`` if not provided.
 
 .. js:function:: djdt.hide_toolbar
 
