Type samesite values as literals 'Lax', 'Strict' or 'None' (#1110)

* Type `samesite` values as literals 'Lax', 'Strict' or 'None' - Adjusts supported `SESSION_COOKIE_SAMESITE` values - Adjusts supported `CSRF_COOKIE_SAMESITE` values * Update django-stubs/conf/global_settings.pyi * Update response.pyi Co-authored-by: Nikita Sobolev <mail@sobolevn.me>
2025-12-10 22:11:54 +08:00 · 2022-08-27 01:02:47 +02:00
parent 6b39050d52
commit 8bd00ba25a
2 changed files with 12 additions and 5 deletions
--- a/django-stubs/conf/global_settings.pyi
+++ b/django-stubs/conf/global_settings.pyi
@@ -7,6 +7,8 @@ by the DJANGO_SETTINGS_MODULE environment variable.
 # django.utils.translation -- that module depends on the settings.
 from typing import Any, Dict, List, Optional, Pattern, Protocol, Sequence, Tuple, Union

+from typing_extensions import Literal
+
 ####################
 # CORE             #
 ####################
@@ -340,8 +342,8 @@ SESSION_COOKIE_PATH: str = ...
 # Whether to use the non-RFC standard httpOnly flag (IE, FF3+, others)
 SESSION_COOKIE_HTTPONLY: bool = ...
 # Whether to set the flag restricting cookie leaks on cross-site requests.
-# This can be 'Lax', 'Strict', or None to disable the flag.
-SESSION_COOKIE_SAMESITE: Optional[str] = ...
+# This can be 'Lax', 'Strict', 'None', or False to disable the flag.
+SESSION_COOKIE_SAMESITE: Literal["Lax", "Strict", "None", False] = ...
 # Whether to save the session data on every request.
 SESSION_SAVE_EVERY_REQUEST: bool = ...
 # Whether a user's session cookie expires when the Web browser is closed.
@@ -409,7 +411,7 @@ CSRF_COOKIE_DOMAIN: Optional[str] = ...
 CSRF_COOKIE_PATH: str = ...
 CSRF_COOKIE_SECURE: bool = ...
 CSRF_COOKIE_HTTPONLY: bool = ...
-CSRF_COOKIE_SAMESITE: Optional[str] = ...
+CSRF_COOKIE_SAMESITE: Literal["Lax", "Strict", "None", False] = ...
 CSRF_HEADER_NAME: str = ...
 CSRF_TRUSTED_ORIGINS: List[str] = ...
 CSRF_USE_SESSIONS: bool = ...
--- a/django-stubs/http/response.pyi
+++ b/django-stubs/http/response.pyi
@@ -5,6 +5,7 @@ from typing import Any, Dict, Iterable, Iterator, List, Optional, Tuple, Type, T

 from django.http.cookie import SimpleCookie
 from django.utils.datastructures import CaseInsensitiveMapping, _PropertyDescriptor
+from typing_extensions import Literal

 class BadHeaderError(ValueError): ...

@@ -62,12 +63,16 @@ class HttpResponseBase:
        domain: Optional[str] = ...,
        secure: bool = ...,
        httponly: bool = ...,
-        samesite: str = ...,
+        samesite: Optional[Literal["Lax", "Strict", "None"]] = ...,
    ) -> None: ...
    def setdefault(self, key: str, value: str) -> None: ...
    def set_signed_cookie(self, key: str, value: str, salt: str = ..., **kwargs: Any) -> None: ...
    def delete_cookie(
-        self, key: str, path: str = ..., domain: Optional[str] = ..., samesite: Optional[str] = ...
+        self,
+        key: str,
+        path: str = ...,
+        domain: Optional[str] = ...,
+        samesite: Optional[Literal["Lax", "Strict", "None"]] = ...,
    ) -> None: ...
    def make_bytes(self, value: object) -> bytes: ...
    def close(self) -> None: ...