Changes between Version 1 and Version 2 of Ticket #33109
- Timestamp:
- Sep 14, 2021, 1:56:17 AM (3 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #33109 – Description
v1 v2 1 1 When using the following constants in `settings.py`, as Django doc says (https://docs.djangoproject.com/en/3.1/ref/settings/#std:setting-SESSION_COOKIE_SECURE): 2 2 3 CSRF_COOKIE_SECURE = True 4 SESSION_COOKIE_SECURE = True 5 CSRF_COOKIE_SAMESITE = 'None' 6 SESSION_COOKIE_SAMESITE = 'None' 3 {{{ 4 CSRF_COOKIE_SECURE = True 5 SESSION_COOKIE_SECURE = True 6 CSRF_COOKIE_SAMESITE = 'None' 7 SESSION_COOKIE_SAMESITE = 'None' 8 }}} 7 9 8 10 ...and then when testing the presence of `SameSite` and `Secure` cookies in the responses, there is no `SameSite` neither `Secure` cookie keys. 9 11 Here is a non passing test, for example, for a user agent that should have `SameSite` and `Secure` cookies: 10 12 11 agent_string = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.2227.0 Safari/537.36" 12 from django.test import Client 13 test_client = Client() 14 res = test_client.get("/", HTTP_USER_AGENT=agent_string) 15 assert res.cookies.get(self.cookie_key)["samesite"] == "None" 16 assert res.cookies.get(self.cookie_key)["secure"] 13 {{{ 14 agent_string = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.2227.0 Safari/537.36" 15 from django.test import Client 16 test_client = Client() 17 res = test_client.get("/", HTTP_USER_AGENT=agent_string) 18 assert res.cookies.get(self.cookie_key)["samesite"] == "None" 19 assert res.cookies.get(self.cookie_key)["secure"] 20 }}} 17 21 18 22 When printing the content of the cookies (`print(res.cookies.items())`), the cookie keys are not there.