Skip to content

Fixed #34613 -- Added support for Partitioned cookies #19603

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Fixed #34613 -- Added support for Partitioned cookies #19603

wants to merge 5 commits into from
+176 −9

Conversation

KentaroJay
Copy link

@KentaroJay KentaroJay commented Jun 28, 2025
edited
Loading

Trac ticket number

ticket-34613

Branch description

This PR adds support for Partitioned cookies to Django, implementing the CHIPS (Cookies Having Independent Partitioned State) specification that enhances privacy and security for third-party contexts.

  • Core Implementation: Added partitioned parameter to Django's cookie handling
    infrastructure
  • HTTP Layer: Updated django.http.cookie and django.http.response modules to support
    the Partitioned attribute
  • Framework Integration: Extended middleware and built-in features to use partitioned
    cookies:
    • CSRF middleware
    • Sessions middleware
    • Messages framework
    • Internationalization views
  • Configuration: Added SESSION_COOKIE_PARTITIONED and related settings in global
    settings

Checklist

  • This PR targets the main branch.
  • The commit message is written in past tense, mentions the ticket number, and ends with a period.
  • I have checked the "Has patch" ticket flag in the Trac system.
  • I have added or updated relevant tests.
  • I have added or updated relevant docs, including release notes if applicable.
  • I have attached screenshots in both light and dark modes for any UI changes.

github-actions[bot]
github-actions bot reviewed Jun 28, 2025
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello! Thank you for your contribution 💪

As it's your first contribution be sure to check out the patch review checklist.

If you're fixing a ticket from Trac make sure to set the "Has patch" flag and include a link to this PR in the ticket!

If you have any design or process questions then you can ask in the Django forum.

Welcome aboard ⛵️!

@KentaroJay KentaroJay changed the title Fixed #34613 -- add support for Partitioned cookies Fixed #34613 -- Added support for Partitioned cookies Jun 28, 2025
@KentaroJay KentaroJay marked this pull request as ready for review June 28, 2025 20:25
KentaroJay added a commit to KentaroJay/django that referenced this pull request Jun 28, 2025
@KentaroJay
Fixed django#19603 -- Enhanced a comment at django/http/cookie.py
360aa5f
adamchainz
adamchainz reviewed Jun 30, 2025
View reviewed changes
django/http/response.py Outdated
Comment on lines 239 to 243

``partitioned`` can be:
- True to enable partitioned cookies (CHIPS - Cookies Having
Independent Partitioned State)
- False (default) for standard cookie behavior
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we need to describe the parameter here - we don't for the other boolean parameters. The documentation is the source of truth for Django's APIs.

Copy link
Author

@KentaroJay KentaroJay Jun 30, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I appreciate your comment. I removed the comment with this commit: 6a7c528

@michaelwheeler michaelwheeler mentioned this pull request Jun 30, 2025
Open
timgraham
timgraham reviewed Jun 30, 2025
View reviewed changes
django/http/cookie.py
Comment on lines +6 to +14
# Add support for the Partitioned cookie attribute (CHIPS - Cookies Having
# Independent Partitioned State). This is needed for Chrome's third-party
# cookie handling in iframes.
# https://developers.google.com/privacy-sandbox/3pcd/chips
# Only patch if Python version doesn't have native support for it.
# Python 3.14+ has native support for partitioned cookies.
if "partitioned" not in cookies.Morsel._flags:
cookies.Morsel._flags.add("partitioned")
cookies.Morsel._reserved.setdefault("partitioned", "Partitioned")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since you asked about this on the forum, I'd say it's fine as it has precedence: 9a56b4b#diff-53ebbe2eee45e69ba2a4a071d31269c34e4640cf61f613e95512a7b9d421a3dbR6-R7

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the comment, I will leave this implementation then unless no one else complains 👍

@KentaroJay KentaroJay requested a review from adamchainz June 30, 2025 22:48
@KentaroJay
Copy link
Author

KentaroJay commented Jun 30, 2025
edited
Loading

[FYI] I am adding some documentation to docs/ directory. Please wait a couple of days. In the meantime, I appreciate reviews on the implementation.

P.S.
Docs done! Please go ahead and review all of my code 👍
I had to force push bc some of my prior commits didn't follow commit message convention.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@timgraham timgraham timgraham left review comments

@github-actions github-actions[bot] github-actions[bot] left review comments

@adamchainz adamchainz Awaiting requested review from adamchainz

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@KentaroJay @timgraham @adamchainz