Add SameSite support

Leonel Câmara
2018-09-06 16:16:44 +01:00
parent 33c6dd9656
commit 928fd364cf
2 changed files with 27 additions and 1 deletions
+9 -1
@@ -1075,6 +1075,8 @@ class Session(Storage):
scookies['HttpOnly'] = True
if self._secure:
scookies['secure'] = True
if self._same_site:
scookies['samesite'] = self._same_site
def clear_session_cookies(self):
request = current.request
@@ -1153,6 +1155,12 @@ class Session(Storage):
def secure(self):
self._secure = True
def samesite(self, mode='Lax'):
if 'samesite' not in Cookie.Morsel._reserved:
# Python version 3.7 and lower needs this
Cookie.Morsel._reserved['samesite'] = 'SameSite'
self._same_site = mode
def forget(self, response=None):
self._close(response)
self._forget = True
@@ -1180,7 +1188,7 @@ class Session(Storage):
def _unchanged(self, response):
if response.session_new:
internal = ['_last_timestamp', '_secure', '_start_timestamp']
internal = ['_last_timestamp', '_secure', '_start_timestamp', '_same_site']
for item in self.keys():
if item not in internal:
return False
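Review bot: `samesite()` stores whatever `mode` it is given, and the cookie-building lines in the first hunk copy it straight into the `Set-Cookie` attribute, so a typo such as `'strickt'` is sent as-is and the browser applies its own default instead of the policy the developer intended. Rejecting unknown values in the setter would surface that early, e.g. `if mode not in ('Strict', 'Lax', 'None'): raise ValueError('invalid SameSite mode: %r' % mode)`. Separately, the `Cookie.Morsel._reserved` registration happens only inside `samesite()`, while `_same_site` looks like it is kept with the session data (it is listed in `internal` in `_unchanged`). If a stored session carrying `_same_site` is loaded in a process where `samesite()` has not run, `scookies['samesite'] = ...` would presumably raise `CookieError` on interpreters without native support, so registering the key once at import time seems safer. The method containing the first hunk's lines starts outside the hunk.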
+18
@@ -231,6 +231,24 @@ class testResponse(unittest.TestCase):
cookie = str(current.response.cookies)
self.assertTrue('httponly' not in cookie.lower())
def test_cookies_samesite(self):
current = setup_clean_session()
current.session._fixup_before_save()
cookie = str(current.response.cookies)
self.assertTrue('samesite' not in cookie.lower())
current = setup_clean_session()
current.session.samesite()
current.session._fixup_before_save()
cookie = str(current.response.cookies)
self.assertTrue('samesite=lax' in cookie.lower())
current = setup_clean_session()
current.session.samesite('Strict')
current.session._fixup_before_save()
cookie = str(current.response.cookies)
self.assertTrue('samesite=strict' in cookie.lower())
def test_include_meta(self):
response = Response()
response.meta[u'web2py'] = 'web2py'