def testInSecureCookieNoConf(self):
    """Check cookie attributes for a comment posted over plain http.

    No ``samesite`` option is set in this test. The response cookies must
    not carry the ``Secure`` attribute, since a browser does not accept a
    ``Secure`` cookie from an http origin. ``Set-Cookie`` must use
    ``SameSite=Lax``.
    """
    # Wrap the WSGI app so the request appears to arrive via http.
    self.app.wsgi_app = FakeHost(self.app.wsgi_app, "isso-dev.local", "http")

    payload = json.dumps({'text': 'Lorem ipsum ...'})
    response = self.post('/new?uri=%2Fpath%2F', data=payload)

    # Both cookie headers are checked, in the same order as before.
    for header_name in ("Set-Cookie", "X-Set-Cookie"):
        self.assertNotIn("Secure", response.headers[header_name])
    # Only Set-Cookie is checked for the SameSite attribute.
    self.assertIn("SameSite=Lax", response.headers["Set-Cookie"])
def testSameSiteConfLax(self):
    """Check that ``samesite = Lax`` in the config applies over https.

    The request is served over https, so both cookie headers must carry
    ``Secure``. The configured value must appear as ``SameSite=Lax`` in
    ``Set-Cookie``.
    """
    # By default, isso should set SameSite=None when served over https.
    self.app.wsgi_app = FakeHost(self.app.wsgi_app, "isso-dev.local", "https")
    # The explicit [server] samesite value overrides that default.
    self.conf.set("server", "samesite", "Lax")

    payload = json.dumps({'text': 'Lorem ipsum ...'})
    response = self.post('/new?uri=%2Fpath%2F', data=payload)

    # Lowering SameSite to Lax must not drop Secure on an https origin.
    for header_name in ("Set-Cookie", "X-Set-Cookie"):
        self.assertIn("Secure", response.headers[header_name])
    # Only Set-Cookie is checked for the SameSite attribute.
    self.assertIn("SameSite=Lax", response.headers["Set-Cookie"])