Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bugfix: non-bytes samesite #362

Merged
merged 4 commits into from Jun 6, 2018
Merged

Bugfix: non-bytes samesite #362

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
3514dba
Add tests for non bytes samesite
digitalresistor Jun 3, 2018
e5f3aa9
Serialize SameSite now coerces to bytes
digitalresistor Jun 3, 2018
8964aac
Update serialization failure message
digitalresistor Jun 3, 2018
2e719a9
Update documentation for SameSite
digitalresistor Jun 3, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
8 changes: 5 additions & 3 deletions src/webob/cookies.py
View file
Open in desktop
Expand Up @@ -239,8 +239,10 @@ def serialize_cookie_date(v):


def serialize_samesite(v):
v = bytes_(v)

if v.lower() not in (b"strict", b"lax"):
raise ValueError("SameSite must be b'Strict' or b'Lax'")
raise ValueError("SameSite must be 'Strict' or 'Lax'")
return v


Expand Down Expand Up @@ -469,8 +471,8 @@ def make_cookie(name, value, max_age=None, path='/', domain=None,
Set a comment on the cookie. Default: ``None``

``samesite``
The 'SameSite' attribute of the cookie, can be either ``b"Strict"``,
``b"Lax"``, or ``None``.
The 'SameSite' attribute of the cookie, can be either ``"Strict"``,
``"Lax"``, or ``None``.
"""

# We are deleting the cookie, override max_age and expires
Expand Down
2 changes: 1 addition & 1 deletion src/webob/response.py
View file
Open in desktop
Expand Up @@ -1005,7 +1005,7 @@ def set_cookie(self, name, value='', max_age=None,

A string representing the ``SameSite`` attribute of the cookie or
``None``. If samesite is ``None`` no ``SameSite`` value will be sent
in the cookie. Should only be ``b"Strict"`` or ``b"Lax"``.
in the cookie. Should only be ``"Strict"`` or ``"Lax"``.

``comment``

Expand Down
17 changes: 16 additions & 1 deletion tests/test_cookies.py
View file
Open in desktop
Expand Up @@ -450,6 +450,13 @@ def test_make_cookie_path(self):
assert 'test_cookie=value' in cookie
assert 'Path=/foo/bar/baz' in cookie

@pytest.mark.parametrize("samesite", ["Strict", "Lax"])
def test_make_cookie_samesite(self, samesite):
cookie = self.makeOne('test_cookie', 'value', samesite=samesite)

assert 'test_cookie=value' in cookie
assert 'SameSite=' + samesite in cookie

class CommonCookieProfile(object):
def makeDummyRequest(self, **kw):
class Dummy(object):
Expand Down Expand Up @@ -661,12 +668,20 @@ def test_flag_http_only(self):
assert '; HttpOnly' in cookie[1]

@pytest.mark.parametrize("samesite", [b"Strict", b"Lax"])
def test_with_samesite_bytes(self, samesite):
cookie = self.makeOne(samesite=samesite)
ret = cookie.get_headers("test")

for cookie in ret:
assert "; SameSite=" + samesite.decode('ascii') in cookie[1]

@pytest.mark.parametrize("samesite", ["Strict", "Lax"])
def test_with_samesite(self, samesite):
cookie = self.makeOne(samesite=samesite)
ret = cookie.get_headers("test")

for cookie in ret:
assert "; SameSite=" + samesite.decode("ascii") in cookie[1]
assert "; SameSite=" + samesite in cookie[1]

def test_cookie_length(self):
cookie = self.makeOne()
Expand Down