Opened 3 years ago

Last modified 3 years ago

#33109 closed Bug

Testing the presence of SameSite and Secure cookies doesn't work — at Version 4

Reported by: Adrien Carpentier
Owned by: nobody
Component: Testing framework
Version: 3.1
Severity: Normal
Keywords: cookies, samesite, secure, test
Cc:
Triage Stage: Unreviewed
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description (last modified by Adrien Carpentier)

When using the following constants in settings.py, as the Django docs say (https://docs.djangoproject.com/en/3.1/ref/settings/#std:setting-SESSION_COOKIE_SECURE):

CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SAMESITE = 'None'
SESSION_COOKIE_SAMESITE = 'None'

...and then when testing the presence of SameSite and Secure cookies in the responses, there are neither SameSite nor Secure cookie keys.
Here is a non-passing test, for example, for a user agent that should have SameSite and Secure cookies:

agent_string = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.2227.0 Safari/537.36"
from django.test import Client
test_client = Client()
res = test_client.get("/", HTTP_USER_AGENT=agent_string)
assert res.cookies.get(self.cookie_key)["samesite"] == "None"
assert res.cookies.get(self.cookie_key)["secure"]

When printing the content of the cookies (print(res.cookies.items())), the cookie keys are not there.

Side note: before Django 3.1, I was adding SameSite and Secure cookies to the responses through a custom middleware, depending on the user agent, and the tests were passing.
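
An added example, not code from the ticket or from Django: a test helper that tells apart a cookie that was never set on the response from one that was set without Secure or SameSite, instead of indexing the result of `res.cookies.get(...)` directly. It works on `http.cookies.SimpleCookie`, the type of `response.cookies`; the helper names, the cookie name and the sample jars are constructed for illustration.

```python
from http.cookies import SimpleCookie


def audit_cookie(cookies, name):
    """Return a list of problems for cookie `name`; an empty list means it passes."""
    morsel = cookies.get(name)
    if morsel is None:
        # Indexing None would raise TypeError; report the real cause instead.
        return [f"{name}: not set on this response"]
    problems = []
    secure = bool(morsel["secure"])   # "" when the flag is absent
    samesite = morsel["samesite"]     # "" when the attribute is absent
    if not secure:
        problems.append(f"{name}: missing Secure")
    if not samesite:
        problems.append(f"{name}: missing SameSite")
    elif samesite.lower() == "none" and not secure:
        problems.append(f"{name}: SameSite=None requires Secure")
    return problems


def make_jar(name=None, **attrs):
    """Build a constructed cookie jar by setting morsel attributes directly."""
    jar = SimpleCookie()
    if name is not None:
        jar[name] = "constructed-value"
        for key, value in attrs.items():
            jar[name][key] = value
    return jar


# Constructed samples (not captured from the ticket's application).
EMPTY = make_jar()                                    # response set no cookie
FLAGGED = make_jar("sessionid", secure=True, samesite="None")
UNFLAGGED = make_jar("sessionid")                     # cookie set, no attributes
NONE_NO_SECURE = make_jar("sessionid", samesite="None")

if __name__ == "__main__":
    samples = [("empty", EMPTY), ("flagged", FLAGGED),
               ("unflagged", UNFLAGGED), ("none-no-secure", NONE_NO_SECURE)]
    for label, jar in samples:
        print(label, audit_cookie(jar, "sessionid"))
```

In a Django test this would be called as `self.assertEqual(audit_cookie(res.cookies, settings.SESSION_COOKIE_NAME), [])`, so a failure message names the missing cookie or attribute.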

Change History (4)

comment:1 by Adrien Carpentier, 3 years ago

Description: modified (diff)

comment:2 by Adrien Carpentier, 3 years ago

Description: modified (diff)

comment:3 by Adrien Carpentier, 3 years ago

Summary: Testing of presence of SameSite and Secure cookies doesn't work → Testing the presence of SameSite and Secure cookies doesn't work

comment:4 by Adrien Carpentier, 3 years ago

Description: modified (diff)