Fixed #30304 -- Added support for the HttpOnly, SameSite, and Secure flags on language cookies.

2025-10-31 09:41:08 +00:00 · 2019-04-01 12:29:10 +03:00
parent cef3f2d3c6
commit 19fc6376ce
6 changed files with 68 additions and 1 deletions
--- a/tests/view_tests/tests/test_i18n.py
+++ b/tests/view_tests/tests/test_i18n.py
@@ -45,6 +45,9 @@ class SetLanguageTests(TestCase):
        self.assertEqual(language_cookie['domain'], '')
        self.assertEqual(language_cookie['path'], '/')
        self.assertEqual(language_cookie['max-age'], '')
+        self.assertEqual(language_cookie['httponly'], '')
+        self.assertEqual(language_cookie['samesite'], '')
+        self.assertEqual(language_cookie['secure'], '')

    def test_setlang_unsafe_next(self):
        """
@@ -175,6 +178,9 @@ class SetLanguageTests(TestCase):
            'LANGUAGE_COOKIE_AGE': 3600 * 7 * 2,
            'LANGUAGE_COOKIE_DOMAIN': '.example.com',
            'LANGUAGE_COOKIE_PATH': '/test/',
+            'LANGUAGE_COOKIE_HTTPONLY': True,
+            'LANGUAGE_COOKIE_SAMESITE': 'Strict',
+            'LANGUAGE_COOKIE_SECURE': True,
        }
        with self.settings(**test_settings):
            post_data = {'language': 'pl', 'next': '/views/'}
@@ -184,6 +190,9 @@ class SetLanguageTests(TestCase):
            self.assertEqual(language_cookie['domain'], '.example.com')
            self.assertEqual(language_cookie['path'], '/test/')
            self.assertEqual(language_cookie['max-age'], 3600 * 7 * 2)
+            self.assertEqual(language_cookie['httponly'], True)
+            self.assertEqual(language_cookie['samesite'], 'Strict')
+            self.assertEqual(language_cookie['secure'], True)

    def test_setlang_decodes_http_referer_url(self):
        """