Changes between Version 1 and Version 2 of Ticket #33109


Ignore:
Timestamp:
Sep 14, 2021, 1:56:17 AM (3 years ago)
Author:
Adrien Carpentier
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #33109 – Description

    v1 v2  
    11When using the following constants in `settings.py`, as Django doc says (https://docs.djangoproject.com/en/3.1/ref/settings/#std:setting-SESSION_COOKIE_SECURE):
    22
    3     CSRF_COOKIE_SECURE = True
    4     SESSION_COOKIE_SECURE = True
    5     CSRF_COOKIE_SAMESITE = 'None'
    6     SESSION_COOKIE_SAMESITE = 'None'
     3{{{
     4CSRF_COOKIE_SECURE = True
     5SESSION_COOKIE_SECURE = True
     6CSRF_COOKIE_SAMESITE = 'None'
     7SESSION_COOKIE_SAMESITE = 'None'
     8}}}
    79
    810...and then when testing the presence of `SameSite` and `Secure` cookies in the responses, there is no `SameSite` neither `Secure` cookie keys.
    911Here is a non passing test, for example, for a user agent that should have `SameSite` and `Secure` cookies:
    1012
    11     agent_string = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.2227.0 Safari/537.36"
    12     from django.test import Client
    13     test_client = Client()
    14     res = test_client.get("/", HTTP_USER_AGENT=agent_string)
    15     assert res.cookies.get(self.cookie_key)["samesite"] == "None"
    16     assert res.cookies.get(self.cookie_key)["secure"]
     13{{{
     14agent_string = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.2227.0 Safari/537.36"
     15from django.test import Client
     16test_client = Client()
     17res = test_client.get("/", HTTP_USER_AGENT=agent_string)
     18assert res.cookies.get(self.cookie_key)["samesite"] == "None"
     19assert res.cookies.get(self.cookie_key)["secure"]
     20}}}
    1721
    1822When printing the content of the cookies (`print(res.cookies.items())`), the cookie keys are not there.
Back to Top