Opened 3 years ago
Closed 3 years ago
#33109 closed Bug (needsinfo)
Testing the presence of SameSite and Secure cookies doesn't work
Reported by: | Adrien Carpentier | Owned by: | nobody |
---|---|---|---|
Component: | Testing framework | Version: | 3.1 |
Severity: | Normal | Keywords: | cookies, samesite, secure, test |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
When using the following constants in settings.py
, as Django doc says (https://docs.djangoproject.com/en/3.1/ref/settings/#std:setting-SESSION_COOKIE_SECURE):
CSRF_COOKIE_SECURE = True SESSION_COOKIE_SECURE = True CSRF_COOKIE_SAMESITE = 'None' SESSION_COOKIE_SAMESITE = 'None'
...and then when testing the presence of SameSite
and Secure
cookies in the responses, there is no SameSite
neither Secure
cookie keys.
Here is a non passing test, for example, for a user agent that should have SameSite
and Secure
cookies:
agent_string = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.2227.0 Safari/537.36" from django.test import Client test_client = Client() res = test_client.get("/", HTTP_USER_AGENT=agent_string) assert res.cookies.get(self.cookie_key)["samesite"] == "None" assert res.cookies.get(self.cookie_key)["secure"]
When printing the content of the cookies (print(res.cookies.items())
), the cookie keys are not there.
Note: When adding SameSite
and Secure
cookies in the responses through a custom middleware instead of the 3.1 setting, the tests are passing.
Change History (7)
comment:1 by , 3 years ago
Description: | modified (diff) |
---|
comment:2 by , 3 years ago
Description: | modified (diff) |
---|
comment:3 by , 3 years ago
Summary: | Testing of presence of SameSite and Secure cookies doesn't work → Testing the presence of SameSite and Secure cookies doesn't work |
---|
comment:4 by , 3 years ago
Description: | modified (diff) |
---|
comment:5 by , 3 years ago
Description: | modified (diff) |
---|
comment:6 by , 3 years ago
comment:7 by , 3 years ago
Component: | HTTP handling → Testing framework |
---|---|
Resolution: | → needsinfo |
Status: | new → closed |
Thanks for the ticket, however I cannot reproduce this issue. Please reopen the ticket if you can debug your issue and provide a sample project.
Have you debugged this to confirm that Django is at fault, and if so, where?