﻿id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
28119	Test client cookies do not take into account server hostnames/domains	Ali Kaafarani	nobody	"A couple of issues arise in the testing framework when a Django project supports multiple hostnames.

1. Cookies received don't set the domain field
2. Cookies with a domain field are still included in requests to a different domain than the one in the cookie

=== Example of `domain` not being set:

{{{
from django.test import Client
client = Client()

# 1. Make a request with explicit SERVER_NAME
response = client.get('/', SERVER_NAME='foo.local')

# 2. Note that response.cookies['csrftoken']['domain'] has no value
}}}

Expected result: `response.cookies['csrftoken']['domain']` was set to the value of `SERVER_NAME` (default would be `testserver`).
Rationale: Browsers do this, according to the specification: https://tools.ietf.org/html/rfc2965 (4.3.1 Interpreting Set-Cookie: Domain Defaults to the request-host)

---

=== Example of cookies sent incorrectly to another domain:

{{{
from django.test import Client
client = Client()

# 1. Make request with explicit SERVER_NAME, receive `csrftoken` cookie
response = client.get('/', SERVER_NAME='foo.local')

# 2. Note that client.cookies['csrftoken'] now has some value (e.g. ""123456"")

# 3. Set the domain on the cookie
client.cookies['csrftoken']['domain'] = 'bar.local'

# 4. Make request to different domain
response = client.get('/', SERVER_NAME='bar.local')

# 5. Note that client.cookies['csrftoken'] was sent with the request, re-used by the server, and still has the same value (e.g. ""123456"")
}}}

Expected result: On step 4, the client does not include the cookie with non-matching domain name.
Rationale: Using `SERVER_NAME`, the client should simulate browser behaviour by not sending cookies incorrectly to different hostnames.

"	New feature	new	Testing framework	1.11	Normal		test, client, cookie, domain		Unreviewed	0	0	0	0	0	0
