Merge pull request #31 from jvdboog/main

Do not include cookies with empty value
QueraTeam · May 20, 2024 · d64fc16 · d64fc16
2 parents 090d076 + 2165c9d
commit d64fc16
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/django_nextjs/render.py b/django_nextjs/render.py
@@ -48,7 +48,7 @@ def _get_nextjs_request_cookies(request: HttpRequest):
     (i.e. dont use HTTP unsafe methods or GraphQL mutations).
     https://docs.djangoproject.com/en/3.2/ref/csrf/#is-posting-an-arbitrary-csrf-token-pair-cookie-and-post-data-a-vulnerability
     """
-    unreserved_cookies = {k: v for k, v in request.COOKIES.items() if not morsel.isReservedKey(k)}
+    unreserved_cookies = {k: v for k, v in request.COOKIES.items() if k and v and not morsel.isReservedKey(k)}
     return {**unreserved_cookies, settings.CSRF_COOKIE_NAME: get_csrf_token(request)}