Opened 3 years ago
Closed 3 years ago
#33109 closed Bug (needsinfo)
Testing the presence of SameSite and Secure cookies doesn't work
| Reported by: | Adrien Carpentier | Owned by: | nobody |
|---|---|---|---|
| Component: | Testing framework | Version: | 3.1 |
| Severity: | Normal | Keywords: | cookies, samesite, secure, test |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
When using the following constants in settings.py, as Django doc says (https://docs.djangoproject.com/en/3.1/ref/settings/#std:setting-SESSION_COOKIE_SECURE):
CSRF_COOKIE_SECURE = True SESSION_COOKIE_SECURE = True CSRF_COOKIE_SAMESITE = 'None' SESSION_COOKIE_SAMESITE = 'None'
...and then when testing the presence of SameSite and Secure cookies in the responses, there is no SameSite neither Secure cookie keys.
Here is a non passing test, for example, for a user agent that should have SameSite and Secure cookies:
agent_string = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.2227.0 Safari/537.36"
from django.test import Client
test_client = Client()
res = test_client.get("/", HTTP_USER_AGENT=agent_string)
assert res.cookies.get(self.cookie_key)["samesite"] == "None"
assert res.cookies.get(self.cookie_key)["secure"]
When printing the content of the cookies (print(res.cookies.items())), the cookie keys are not there.
Note: When adding SameSite and Secure cookies in the responses through a custom middleware instead of the 3.1 setting, the tests are passing.
Change History (7)
comment:1 by , 3 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 3 years ago
| Description: | modified (diff) |
|---|
comment:3 by , 3 years ago
| Summary: | Testing of presence of SameSite and Secure cookies doesn't work → Testing the presence of SameSite and Secure cookies doesn't work |
|---|
comment:4 by , 3 years ago
| Description: | modified (diff) |
|---|
comment:5 by , 3 years ago
| Description: | modified (diff) |
|---|
comment:6 by , 3 years ago
comment:7 by , 3 years ago
| Component: | HTTP handling → Testing framework |
|---|---|
| Resolution: | → needsinfo |
| Status: | new → closed |
Thanks for the ticket, however I cannot reproduce this issue. Please reopen the ticket if you can debug your issue and provide a sample project.
Have you debugged this to confirm that Django is at fault, and if so, where?