mirror of
https://github.com/django/django.git
synced 2025-10-31 09:41:08 +00:00
[3.1.x] Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in HttpResponse.delete_cookie().
Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.
This affects sessions and messages cookies.
Backport of 240cbb63bf from master
This commit is contained in:
Mariusz Felisiak
@@ -1,5 +1,6 @@
|
||||
import json
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib.messages import constants
|
||||
from django.contrib.messages.storage.base import Message
|
||||
from django.contrib.messages.storage.cookie import (
|
||||
@@ -85,6 +86,10 @@ class CookieTests(BaseTests, SimpleTestCase):
|
||||
self.assertEqual(response.cookies['messages'].value, '')
|
||||
self.assertEqual(response.cookies['messages']['domain'], '.example.com')
|
||||
self.assertEqual(response.cookies['messages']['expires'], 'Thu, 01 Jan 1970 00:00:00 GMT')
|
||||
self.assertEqual(
|
||||
response.cookies['messages']['samesite'],
|
||||
settings.SESSION_COOKIE_SAMESITE,
|
||||
)
|
||||
|
||||
def test_get_bad_cookie(self):
|
||||
request = self.get_request()
|
||||
|
||||
Reference in New Issue
Block a user