diff options
| author | R David Murray <rdmurray@bitdance.com> | 2013-08-25 11:09:02 -0400 |
|---|---|---|
| committer | R David Murray <rdmurray@bitdance.com> | 2013-08-25 11:09:02 -0400 |
| commit | e0184dda7345800df932d01972e42f8ffb81843f (patch) | |
| tree | 6925254494c8551ecdfac78b5e022303186cdd26 /Lib/test/test_http_cookies.py | |
| parent | b857cf015ce08a550133631f3b1ec4f6c90e6fc1 (diff) | |
| download | cpython-e0184dda7345800df932d01972e42f8ffb81843f.tar.gz | |
#16611: BaseCookie now parses 'secure' and 'httponly' flags.
Previously it generated them if they were given a value, but completely
ignored them if they were present in the string passed in to be parsed. Now
if the flag appears on a cookie, the corresponding Morsel key will reference a
True value. Other pre-existing behavior is retained in this maintenance
patch: if the source contains something like 'secure=foo', morsel['secure']
will return 'foo'. Since such a value doesn't round trip and never did (and
would be a surprising occurrence) a subsequent non-bug-fix patch may change
this behavior.
Inspired by a patch from Julien Phalip, who reviewed this one.
Diffstat (limited to 'Lib/test/test_http_cookies.py')
| -rw-r--r-- | Lib/test/test_http_cookies.py | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/Lib/test/test_http_cookies.py b/Lib/test/test_http_cookies.py index e8327e59eb..1cfbe742e4 100644 --- a/Lib/test/test_http_cookies.py +++ b/Lib/test/test_http_cookies.py @@ -109,13 +109,51 @@ class CookieTests(unittest.TestCase): self.assertEqual(C.output(), 'Set-Cookie: Customer="WILE_E_COYOTE"; Max-Age=10') - # others + def test_set_secure_httponly_attrs(self): C = cookies.SimpleCookie('Customer="WILE_E_COYOTE"') C['Customer']['secure'] = True C['Customer']['httponly'] = True self.assertEqual(C.output(), 'Set-Cookie: Customer="WILE_E_COYOTE"; httponly; secure') + def test_secure_httponly_false_if_not_present(self): + C = cookies.SimpleCookie() + C.load('eggs=scrambled; Path=/bacon') + self.assertFalse(C['eggs']['httponly']) + self.assertFalse(C['eggs']['secure']) + + def test_secure_httponly_true_if_present(self): + # Issue 16611 + C = cookies.SimpleCookie() + C.load('eggs=scrambled; httponly; secure; Path=/bacon') + self.assertTrue(C['eggs']['httponly']) + self.assertTrue(C['eggs']['secure']) + + def test_secure_httponly_true_if_have_value(self): + # This isn't really valid, but demonstrates what the current code + # is expected to do in this case. + C = cookies.SimpleCookie() + C.load('eggs=scrambled; httponly=foo; secure=bar; Path=/bacon') + self.assertTrue(C['eggs']['httponly']) + self.assertTrue(C['eggs']['secure']) + # Here is what it actually does; don't depend on this behavior. These + # checks are testing backward compatibility for issue 16611. + self.assertEqual(C['eggs']['httponly'], 'foo') + self.assertEqual(C['eggs']['secure'], 'bar') + + def test_bad_attrs(self): + # issue 16611: make sure we don't break backward compatibility. + C = cookies.SimpleCookie() + C.load('cookie=with; invalid; version; second=cookie;') + self.assertEqual(C.output(), + 'Set-Cookie: cookie=with\r\nSet-Cookie: second=cookie') + + def test_extra_spaces(self): + C = cookies.SimpleCookie() + C.load('eggs = scrambled ; secure ; path = bar ; foo=foo ') + self.assertEqual(C.output(), + 'Set-Cookie: eggs=scrambled; Path=bar; secure\r\nSet-Cookie: foo=foo') + def test_quoted_meta(self): # Try cookie with quoted meta-data C = cookies.SimpleCookie() |