From c8281431a7ee5c24bb1135785914a020cc9a24f3 Mon Sep 17 00:00:00 2001
From: Keming
Date: Thu, 3 Oct 2024 12:42:42 +0800
Subject: [PATCH] chore: set cookie secure (#377)
* chore: fix secure alert about set_cookie
Signed-off-by: Keming
* fix more set_cookie
Signed-off-by: Keming
* fix test re
Signed-off-by: Keming
---------
Signed-off-by: Keming
---
 tests/flask_imports/dry_plugin_flask.py | 6 ++++--
 tests/test_plugin_flask.py | 6 ++++++
 tests/test_plugin_flask_blueprint.py | 6 ++++++
 tests/test_plugin_flask_view.py | 6 ++++++
 4 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/tests/flask_imports/dry_plugin_flask.py b/tests/flask_imports/dry_plugin_flask.py
index f1a2cd67..9b720c03 100644
--- a/tests/flask_imports/dry_plugin_flask.py
+++ b/tests/flask_imports/dry_plugin_flask.py
@@ -208,7 +208,8 @@ def test_flask_make_response_post(client):
 assert resp.json == {"name": payload.name, "score": [payload.limit]}
 assert resp.headers.get("lang") == "en-US"
 cookie_result = re.match(
- r"^test_cookie=\"((\w+\s?){3})\";\sPath=/$", resp.headers.get("Set-Cookie")
+ r"^test_cookie=\"((\w+\s?){3})\"; Secure; HttpOnly; Path=/; SameSite=Strict$",
+ resp.headers.get("Set-Cookie"),
 )
 assert cookie_result.group(1) == payload.name
@@ -227,7 +228,8 @@ def test_flask_make_response_get(client):
 assert resp.json == {"name": payload.name, "score": [payload.limit]}
 assert resp.headers.get("lang") == "en-US"
 cookie_result = re.match(
- r"^test_cookie=\"((\w+\s?){3})\";\sPath=/$", resp.headers.get("Set-Cookie")
+ r"^test_cookie=\"((\w+\s?){3})\"; Secure; HttpOnly; Path=/; SameSite=Strict$",
+ resp.headers.get("Set-Cookie"),
 )
 assert cookie_result.group(1) == payload.name
diff --git a/tests/test_plugin_flask.py b/tests/test_plugin_flask.py
index 124f8cdf..902822f1 100644
--- a/tests/test_plugin_flask.py
+++ b/tests/test_plugin_flask.py
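Review bot: In `test_flask_make_response_post` (tests/flask_imports/dry_plugin_flask.py) the new pattern pins the entire serialized header, including the attribute order `Secure; HttpOnly; Path=/; SameSite=Strict`, so the test now depends on how the underlying framework happens to order cookie attributes rather than on the flags being present. When the header differs, `re.match` returns `None` and the failure shows up as an `AttributeError` on `.group(1)`; adding `assert cookie_result is not None, resp.headers.get("Set-Cookie")` before that line would print the header that was actually sent. An order-independent check such as `assert {"Secure", "HttpOnly", "SameSite=Strict"} <= set(resp.headers.get("Set-Cookie").split("; "))` would keep the security assertion without the ordering dependency. The same applies to the identical change in `test_flask_make_response_get`; both function bodies start outside their hunks.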
@@ -211,6 +211,9 @@ def return_make_response_post():
 response.set_cookie(
 key="test_cookie",
 value=model_data.name,
+ secure=True,
+ httponly=True,
+ samesite="Strict",
 )
 return response
@@ -226,6 +229,9 @@ def return_make_response_get():
 response.set_cookie(
 key="test_cookie",
 value=model_data.name,
+ secure=True,
+ httponly=True,
+ samesite="Strict",
 )
 return response
diff --git a/tests/test_plugin_flask_blueprint.py b/tests/test_plugin_flask_blueprint.py
index 6fb849ac..c277e844 100644
--- a/tests/test_plugin_flask_blueprint.py
+++ b/tests/test_plugin_flask_blueprint.py
@@ -198,6 +198,9 @@ def return_make_response_post():
 response.set_cookie(
 key="test_cookie",
 value=model_data.name,
+ secure=True,
+ httponly=True,
+ samesite="Strict",
 )
 return response
@@ -213,6 +216,9 @@ def return_make_response_get():
 response.set_cookie(
 key="test_cookie",
 value=model_data.name,
+ secure=True,
+ httponly=True,
+ samesite="Strict",
 )
 return response
diff --git a/tests/test_plugin_flask_view.py b/tests/test_plugin_flask_view.py
index e7795ba0..2f6b0725 100644
--- a/tests/test_plugin_flask_view.py
+++ b/tests/test_plugin_flask_view.py
@@ -212,6 +212,9 @@ def post(self):
 response.set_cookie(
 key="test_cookie",
 value=model_data.name,
+ secure=True,
+ httponly=True,
+ samesite="Strict",
 )
 return response
@@ -229,6 +232,9 @@ def get(self):
 response.set_cookie(
 key="test_cookie",
 value=model_data.name,
+ secure=True,
+ httponly=True,
+ samesite="Strict",
 )
 return response
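Review bot: The three keyword arguments `secure=True, httponly=True, samesite="Strict"` are repeated verbatim in all six `set_cookie` calls (`return_make_response_post`/`return_make_response_get` in tests/test_plugin_flask.py and tests/test_plugin_flask_blueprint.py, `post`/`get` in tests/test_plugin_flask_view.py), while the shared assertions in tests/flask_imports/dry_plugin_flask.py expect exactly that attribute string from each of them. One test-level constant, for example `SECURE_COOKIE_FLAGS = {"secure": True, "httponly": True, "samesite": "Strict"}` passed as `**SECURE_COOKIE_FLAGS`, would keep the fixtures and the expected header from drifting apart. A comment at the call such as `# Secure/HttpOnly/SameSite added for the set_cookie security alert; asserted in dry_plugin_flask.py` would record why test-only cookies carry the flags. The enclosing functions start outside these hunks.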