diff test/test_liveserver.py @ 8168:3f0f4746dc7e

issue2551370 - prefix session cookie with __Secure- over https Limit use of roundup session cookie to HTTPS protocol by adding __Secure- prefix. Automatic testing covers http behavior only. Https behavior has only been tested manually. Need to be able to spin up an https server using wsgiref to test https behavior in CI. issue 2551373 opened to track automatic testing of https behavior.
author John Rouillard <rouilj@ieee.org>
date Tue, 26 Nov 2024 17:11:13 -0500
parents 603aa730b067
children 14e92a595828
--- a/test/test_liveserver.py	Tue Nov 26 15:25:01 2024 -0500
+++ b/test/test_liveserver.py	Tue Nov 26 17:11:13 2024 -0500
@@ -176,6 +176,18 @@
             return session
         return session, response
 
+    def test_cookie_attributes(self):
+        session, _response = self.create_login_session()
+
+        cookie_box = session.cookies._cookies['localhost.local']['/']
+        cookie = cookie_box['roundup_session_Roundupissuetracker']
+
+        # check cookie attributes. This is an http session, so
+        # we can't check secure or see cookie with __Secure- prefix 8-(.
+        self.assertEqual(cookie.name, 'roundup_session_Roundupissuetracker')
+        self.assertEqual(cookie.expires, None)  # session cookie
+        self.assertEqual(cookie._rest['HttpOnly'], None)  # flag is present
+        self.assertEqual(cookie._rest['SameSite'], 'Lax')
 
     def test_query(self):
         current_user_query = (
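Review bot: The `cookie.name` assertion in `test_cookie_attributes` cannot fail, because the cookie was fetched from `cookie_box` by that same key two lines earlier, so the http side of this change is not actually pinned. A check that would catch a regression is that no prefixed cookie is issued on plain http, e.g. `self.assertFalse(any(n.startswith('__Secure-') for n in cookie_box))`; browsers reject a `__Secure-` cookie set over an insecure connection, so sending the prefix on http would silently break login. The attribute checks also index the private `_rest` dict, which raises KeyError rather than reporting a test failure when a flag is missing. If these are `http.cookiejar.Cookie` objects (the session comes from `create_login_session`, defined outside this hunk), `self.assertTrue(cookie.has_nonstandard_attr('HttpOnly'))` and `self.assertEqual(cookie.get_nonstandard_attr('SameSite'), 'Lax')` express the same checks through the public API.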
