Merge branch 'bugfix/nonbytes-samesite'
Closes #361

Closes #361
Add CHANGES.txt and bump to 1.8.2
Pylons
Unified Split

Showing with 36 additions and 6 deletions.

+13 −0 CHANGES.txt

+1 −1 setup.py

+5 −3 src/webob/cookies.py

+1 −1 src/webob/response.py

+16 −1 tests/test_cookies.py
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -1,3 +1,16 @@
+1.8.2 (2018-06-05)
+------------------
+
+Bugfix
+~~~~~~
+
+- SameSite may now be passed as str or bytes to `Response.set_cookie` and
+  `cookies.make_cookie`. This was an oversight as all other arguments would be
+  correctly coerced before being serialized. See
+  https://github.com/Pylons/webob/issues/361 and
+  https://github.com/Pylons/webob/pull/362
+
+
 1.8.1 (2018-04-10)
 ------------------

diff --git a/setup.py b/setup.py
@@ -25,7 +25,7 @@

 setup(
    name='WebOb',
-    version='1.8.1',
+    version='1.8.2',
    description="WSGI request and response object",
    long_description=README + '\n\n' + CHANGES,
    classifiers=[
diff --git a/src/webob/cookies.py b/src/webob/cookies.py
@@ -239,8 +239,10 @@ def serialize_cookie_date(v):


 def serialize_samesite(v):
+    v = bytes_(v)
+
    if v.lower() not in (b"strict", b"lax"):
-        raise ValueError("SameSite must be b'Strict' or b'Lax'")
+        raise ValueError("SameSite must be 'Strict' or 'Lax'")
    return v


@@ -469,8 +471,8 @@ def make_cookie(name, value, max_age=None, path='/', domain=None,
      Set a comment on the cookie. Default: ``None``

    ``samesite``
-      The 'SameSite' attribute of the cookie, can be either ``b"Strict"``,
-      ``b"Lax"``, or ``None``.
+      The 'SameSite' attribute of the cookie, can be either ``"Strict"``,
+      ``"Lax"``, or ``None``.
    """

    # We are deleting the cookie, override max_age and expires
diff --git a/src/webob/response.py b/src/webob/response.py
@@ -1005,7 +1005,7 @@ def set_cookie(self, name, value='', max_age=None,

          A string representing the ``SameSite`` attribute of the cookie or
          ``None``. If samesite is ``None`` no ``SameSite`` value will be sent
-          in the cookie. Should only be ``b"Strict"`` or ``b"Lax"``.
+          in the cookie. Should only be ``"Strict"`` or ``"Lax"``.

        ``comment``

diff --git a/tests/test_cookies.py b/tests/test_cookies.py
@@ -450,6 +450,13 @@ def test_make_cookie_path(self):
        assert 'test_cookie=value' in cookie
        assert 'Path=/foo/bar/baz' in cookie

+    @pytest.mark.parametrize("samesite", ["Strict", "Lax"])
+    def test_make_cookie_samesite(self, samesite):
+        cookie = self.makeOne('test_cookie', 'value', samesite=samesite)
+
+        assert 'test_cookie=value' in cookie
+        assert 'SameSite=' + samesite in cookie
+
 class CommonCookieProfile(object):
    def makeDummyRequest(self, **kw):
        class Dummy(object):
@@ -661,12 +668,20 @@ def test_flag_http_only(self):
            assert '; HttpOnly' in cookie[1]

    @pytest.mark.parametrize("samesite", [b"Strict", b"Lax"])
+    def test_with_samesite_bytes(self, samesite):
+        cookie = self.makeOne(samesite=samesite)
+        ret = cookie.get_headers("test")
+
+        for cookie in ret:
+            assert "; SameSite=" + samesite.decode('ascii') in cookie[1]
+
+    @pytest.mark.parametrize("samesite", ["Strict", "Lax"])
    def test_with_samesite(self, samesite):
        cookie = self.makeOne(samesite=samesite)
        ret = cookie.get_headers("test")

        for cookie in ret:
-            assert "; SameSite=" + samesite.decode("ascii") in cookie[1]
+            assert "; SameSite=" + samesite in cookie[1]

    def test_cookie_length(self):
        cookie = self.makeOne()