Fixed #28989 -- Fixed HttpResponse.delete_cookie() for cookies that use __Secure/Host prefixes.

author: Alvin Lindstam <alvin.lindstam@gmail.com> 2018-01-04 18:53:35 +0100
committer: Tim Graham <timograham@gmail.com> 2018-01-08 12:32:47 -0500
commit: 47a99d701277f6ec98e6fd220feb9c8a1e66718e (patch)
tree: 67b70e5c4aa3847dca46031ecc882c8959b8580f /tests/responses
parent: 8e94f9f7dd515e49621b4a8395077a0cd2ab4c78 (diff)
download: django-47a99d701277f6ec98e6fd220feb9c8a1e66718e.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/tests/responses/test_cookie.py b/tests/responses/test_cookie.py
index cbd65926c0..148963fa59 100644
--- a/tests/responses/test_cookie.py
+++ b/tests/responses/test_cookie.py
@@ -91,3 +91,16 @@ class DeleteCookieTests(SimpleTestCase):
         self.assertEqual(cookie['path'], '/')
         self.assertEqual(cookie['secure'], '')
         self.assertEqual(cookie['domain'], '')
+
+    def test_delete_cookie_secure_prefix(self):
+        """
+        delete_cookie() sets the secure flag if the cookie name starts with
+        __Host- or __Secure- (without that, browsers ignore cookies with those
+        prefixes).
+        """
+        response = HttpResponse()
+        for prefix in ('Secure', 'Host'):
+            with self.subTest(prefix=prefix):
+                cookie_name = '__%s-c' % prefix
+                response.delete_cookie(cookie_name)
+                self.assertEqual(response.cookies[cookie_name]['secure'], True)
author	Alvin Lindstam <alvin.lindstam@gmail.com>	2018-01-04 18:53:35 +0100
committer	Tim Graham <timograham@gmail.com>	2018-01-08 12:32:47 -0500
commit	47a99d701277f6ec98e6fd220feb9c8a1e66718e (patch)
tree	67b70e5c4aa3847dca46031ecc882c8959b8580f /tests/responses
parent	8e94f9f7dd515e49621b4a8395077a0cd2ab4c78 (diff)
download	django-47a99d701277f6ec98e6fd220feb9c8a1e66718e.tar.gz