summaryrefslogtreecommitdiffstats
path: root/Lib/test
diff options
context:
space:
mode:
authorR David Murray <rdmurray@bitdance.com>2013-08-25 15:09:02 (GMT)
committerR David Murray <rdmurray@bitdance.com>2013-08-25 15:09:02 (GMT)
commitcd0f74b1e09a50acc073aa57c1345968257a9056 (patch)
tree7db89954d7f789c1c57048e300f7ae0c0405e720 /Lib/test
parentf1fe15982287c5d026e8033b286533e867b51857 (diff)
downloadcpython-cd0f74b1e09a50acc073aa57c1345968257a9056.zip
cpython-cd0f74b1e09a50acc073aa57c1345968257a9056.tar.gz
cpython-cd0f74b1e09a50acc073aa57c1345968257a9056.tar.bz2
#16611: BaseCookie now parses 'secure' and 'httponly' flags.
Previously it generated them if they were given a value, but completely ignored them if they were present in the string passed in to be parsed. Now if the flag appears on a cookie, the corresponding Morsel key will reference a True value. Other pre-existing behavior is retained in this maintenance patch: if the source contains something like 'secure=foo', morsel['secure'] will return 'foo'. Since such a value doesn't round trip and never did (and would be a surprising occurrence) a subsequent non-bug-fix patch may change this behavior. Inspired by a patch from Julien Phalip, who reviewed this one.
Diffstat (limited to 'Lib/test')
-rw-r--r--Lib/test/test_http_cookies.py40
1 files changed, 39 insertions, 1 deletions
diff --git a/Lib/test/test_http_cookies.py b/Lib/test/test_http_cookies.py
index e8327e5..1cfbe74 100644
--- a/Lib/test/test_http_cookies.py
+++ b/Lib/test/test_http_cookies.py
@@ -109,13 +109,51 @@ class CookieTests(unittest.TestCase):
self.assertEqual(C.output(),
'Set-Cookie: Customer="WILE_E_COYOTE"; Max-Age=10')
- # others
+ def test_set_secure_httponly_attrs(self):
C = cookies.SimpleCookie('Customer="WILE_E_COYOTE"')
C['Customer']['secure'] = True
C['Customer']['httponly'] = True
self.assertEqual(C.output(),
'Set-Cookie: Customer="WILE_E_COYOTE"; httponly; secure')
+ def test_secure_httponly_false_if_not_present(self):
+ C = cookies.SimpleCookie()
+ C.load('eggs=scrambled; Path=/bacon')
+ self.assertFalse(C['eggs']['httponly'])
+ self.assertFalse(C['eggs']['secure'])
+
+ def test_secure_httponly_true_if_present(self):
+ # Issue 16611
+ C = cookies.SimpleCookie()
+ C.load('eggs=scrambled; httponly; secure; Path=/bacon')
+ self.assertTrue(C['eggs']['httponly'])
+ self.assertTrue(C['eggs']['secure'])
+
+ def test_secure_httponly_true_if_have_value(self):
+ # This isn't really valid, but demonstrates what the current code
+ # is expected to do in this case.
+ C = cookies.SimpleCookie()
+ C.load('eggs=scrambled; httponly=foo; secure=bar; Path=/bacon')
+ self.assertTrue(C['eggs']['httponly'])
+ self.assertTrue(C['eggs']['secure'])
+ # Here is what it actually does; don't depend on this behavior. These
+ # checks are testing backward compatibility for issue 16611.
+ self.assertEqual(C['eggs']['httponly'], 'foo')
+ self.assertEqual(C['eggs']['secure'], 'bar')
+
+ def test_bad_attrs(self):
+ # issue 16611: make sure we don't break backward compatibility.
+ C = cookies.SimpleCookie()
+ C.load('cookie=with; invalid; version; second=cookie;')
+ self.assertEqual(C.output(),
+ 'Set-Cookie: cookie=with\r\nSet-Cookie: second=cookie')
+
+ def test_extra_spaces(self):
+ C = cookies.SimpleCookie()
+ C.load('eggs = scrambled ; secure ; path = bar ; foo=foo ')
+ self.assertEqual(C.output(),
+ 'Set-Cookie: eggs=scrambled; Path=bar; secure\r\nSet-Cookie: foo=foo')
+
def test_quoted_meta(self):
# Try cookie with quoted meta-data
C = cookies.SimpleCookie()