diff options
author | Alvin Lindstam <alvin.lindstam@gmail.com> | 2018-01-04 18:53:35 +0100 |
---|---|---|
committer | Tim Graham <timograham@gmail.com> | 2018-01-08 12:32:47 -0500 |
commit | 47a99d701277f6ec98e6fd220feb9c8a1e66718e (patch) | |
tree | 67b70e5c4aa3847dca46031ecc882c8959b8580f /tests/responses | |
parent | 8e94f9f7dd515e49621b4a8395077a0cd2ab4c78 (diff) | |
download | django-47a99d701277f6ec98e6fd220feb9c8a1e66718e.tar.gz |
Fixed #28989 -- Fixed HttpResponse.delete_cookie() for cookies that use __Secure/Host prefixes.
Diffstat (limited to 'tests/responses')
-rw-r--r-- | tests/responses/test_cookie.py | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/tests/responses/test_cookie.py b/tests/responses/test_cookie.py index cbd65926c0..148963fa59 100644 --- a/tests/responses/test_cookie.py +++ b/tests/responses/test_cookie.py @@ -91,3 +91,16 @@ class DeleteCookieTests(SimpleTestCase): self.assertEqual(cookie['path'], '/') self.assertEqual(cookie['secure'], '') self.assertEqual(cookie['domain'], '') + + def test_delete_cookie_secure_prefix(self): + """ + delete_cookie() sets the secure flag if the cookie name starts with + __Host- or __Secure- (without that, browsers ignore cookies with those + prefixes). + """ + response = HttpResponse() + for prefix in ('Secure', 'Host'): + with self.subTest(prefix=prefix): + cookie_name = '__%s-c' % prefix + response.delete_cookie(cookie_name) + self.assertEqual(response.cookies[cookie_name]['secure'], True) |