comparison test/test_liveserver.py @ 8168:3f0f4746dc7e
issue2551370 - prefix session cookie with __Secure- over https
Limit use of roundup session cookie to HTTPS protocol by adding
__Secure- prefix. Automatic testing includes http behavior only.
Https behavior has been manually tested only. Need to be able to spin
up an https server using wsgiref to test https behavior in CI.
issue 2551373 opened to track automatic testing of https behavior.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 26 Nov 2024 17:11:13 -0500 |
| parents | 603aa730b067 |
| children | 14e92a595828 |
| 8167:eaec1297a142 | 8168:3f0f4746dc7e |
|---|---|
| 174 | 174 |
| 175 if not return_response: | 175 if not return_response: |
| 176 return session | 176 return session |
| 177 return session, response | 177 return session, response |
| 178 | 178 |
| 179 def test_cookie_attributes(self): | |
| 180 session, _response = self.create_login_session() | |
| 181 | |
| 182 cookie_box = session.cookies._cookies['localhost.local']['/'] | |
| 183 cookie = cookie_box['roundup_session_Roundupissuetracker'] | |
| 184 | |
| 185 # check cookie attributes. This is an http session, so | |
| 186 # we can't check secure or see cookie with __Secure- prefix 8-(. | |
| 187 self.assertEqual(cookie.name, 'roundup_session_Roundupissuetracker') | |
| 188 self.assertEqual(cookie.expires, None) # session cookie | |
| 189 self.assertEqual(cookie._rest['HttpOnly'], None) # flag is present | |
| 190 self.assertEqual(cookie._rest['SameSite'], 'Lax') | |
| 179 | 191 |
| 180 def test_query(self): | 192 def test_query(self): |
| 181 current_user_query = ( | 193 current_user_query = ( |
| 182 "@columns=title,id,activity,status,assignedto&" | 194 "@columns=title,id,activity,status,assignedto&" |
| 183 "@sort=activity&@group=priority&@filter=creator&" | 195 "@sort=activity&@group=priority&@filter=creator&" |
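
Review bot: new lines 182 and 189-190 of test_cookie_attributes reach into private attributes (`session.cookies._cookies['localhost.local']['/']` and `cookie._rest[...]`), which ties the test to the cookie jar's internal layout and to a hard-coded domain and path. If these are standard `http.cookiejar.Cookie` objects, look the cookie up by iterating the jar and matching on `cookie.name`, then use `cookie.has_nonstandard_attr('HttpOnly')` and `cookie.get_nonstandard_attr('SameSite')`; that also turns a missing HttpOnly flag into an assertion failure instead of the KeyError that `cookie._rest['HttpOnly']` would raise. The comment on lines 185-186 says the secure attribute cannot be checked over http, but the http side can still be pinned down: consider asserting the expected value of `cookie.secure` for a plain-http session and that no cookie whose name starts with `__Secure-` is present in the jar, so a regression that leaks the prefix into http responses is caught until issue 2551373 adds https coverage.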
