orbit-oss/flask
4
4
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

clean up samesite docs

Browse source
This commit is contained in:
David Lord 2018-01-23 15:11:50 -08:00
parent db5735c3ce
commit 382b13581e
No known key found for this signature in database
GPG key ID: 7A1C87E3F5BC42A8
4 changed files with 33 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

27
tests/test_basic.py
View file

@ -319,7 +319,7 @@ def test_session_using_session_settings(app, client):
SESSION_COOKIE_DOMAIN='.example.com',
SESSION_COOKIE_HTTPONLY=False,
SESSION_COOKIE_SECURE=True,
SESSION_COOKIE_SAMESITE='Strict',
SESSION_COOKIE_SAMESITE='Lax',
SESSION_COOKIE_PATH='/'
)
@ -338,41 +338,32 @@ def test_session_using_session_settings(app, client):
def test_session_using_samesite_attribute(app, client):
app.config.update(
SERVER_NAME='www.example.com:8080',
APPLICATION_ROOT='/test',
SESSION_COOKIE_DOMAIN='.example.com',
SESSION_COOKIE_HTTPONLY=False,
SESSION_COOKIE_SECURE=True,
SESSION_COOKIE_SAMESITE='anyvalue',
SESSION_COOKIE_PATH='/'
)
@app.route('/')
def index():
flask.session['testing'] = 42
return 'Hello World'
# assert excption when samesite is not set to 'Strict', 'Lax' or None
with pytest.raises(ValueError):
rv = client.get('/', 'http://www.example.com:8080/test/')
app.config.update(SESSION_COOKIE_SAMESITE='invalid')
with pytest.raises(ValueError):
client.get('/')
# assert the samesite flag is not set in the cookie, when set to None
app.config.update(SESSION_COOKIE_SAMESITE=None)
rv = client.get('/', 'http://www.example.com:8080/test/')
rv = client.get('/')
cookie = rv.headers['set-cookie'].lower()
assert 'samesite' not in cookie
app.config.update(SESSION_COOKIE_SAMESITE='Strict')
rv = client.get('/', 'http://www.example.com:8080/test/')
rv = client.get('/')
cookie = rv.headers['set-cookie'].lower()
assert 'samesite=strict' in cookie
app.config.update(SESSION_COOKIE_SAMESITE='Lax')
rv = client.get('/', 'http://www.example.com:8080/test/')
rv = client.get('/')
cookie = rv.headers['set-cookie'].lower()
assert 'samesite=lax' in cookie
def test_session_localhost_warning(recwarn, app, client):
app.config.update(
SERVER_NAME='localhost:5000',