diff options
| author | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-07-16 08:16:58 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-07-16 08:16:58 +0200 |
| commit | 240cbb63bf9965c63d7a3cc9032f91410f414d46 (patch) | |
| tree | 14d5fcd1e195f9ceae2c04082a56dfc978f291cb /tests/responses | |
| parent | 156a2138db20abc89933121e4ff2ee2ce56a173a (diff) | |
| download | django-240cbb63bf9965c63d7a3cc9032f91410f414d46.tar.gz | |
Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in HttpResponse.delete_cookie().
Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.
This affects sessions and messages cookies.
Diffstat (limited to 'tests/responses')
| -rw-r--r-- | tests/responses/test_cookie.py | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/tests/responses/test_cookie.py b/tests/responses/test_cookie.py index a52443eefe..c7c35219b2 100644 --- a/tests/responses/test_cookie.py +++ b/tests/responses/test_cookie.py @@ -105,6 +105,7 @@ class DeleteCookieTests(SimpleTestCase): self.assertEqual(cookie['path'], '/') self.assertEqual(cookie['secure'], '') self.assertEqual(cookie['domain'], '') + self.assertEqual(cookie['samesite'], '') def test_delete_cookie_secure_prefix(self): """ @@ -118,3 +119,14 @@ class DeleteCookieTests(SimpleTestCase): cookie_name = '__%s-c' % prefix response.delete_cookie(cookie_name) self.assertIs(response.cookies[cookie_name]['secure'], True) + + def test_delete_cookie_secure_samesite_none(self): + # delete_cookie() sets the secure flag if samesite='none'. + response = HttpResponse() + response.delete_cookie('c', samesite='none') + self.assertIs(response.cookies['c']['secure'], True) + + def test_delete_cookie_samesite(self): + response = HttpResponse() + response.delete_cookie('c', samesite='lax') + self.assertEqual(response.cookies['c']['samesite'], 'lax') |