Set cookies with SameSite=None if possible (#1509)

This commit is contained in:
Raphael Michel
2019-12-03 14:50:18 +01:00
committed by GitHub
parent 098b7363e6
commit d46278f04f
5 changed files with 184 additions and 22 deletions


@@ -105,3 +105,40 @@ def test_with_forwarded_host(env, client):
r = client.get('/2015/', HTTP_X_FORWARDED_HOST='foobar')
assert r.status_code == 200
settings.USE_X_FORWARDED_HOST = False
@pytest.mark.django_db
@pytest.mark.parametrize("agent", [
'Mozilla/5.0 (Linux; Android 4.4; Nexus 5 Build/_BuildID_) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 '
'Chrome/79.0.0.0 Mobile Safari/537.36',
'Mozilla/5.0 (iPhone; CPU iPhone OS 10_3 like Mac OS X) AppleWebKit/602.1.50 (KHTML, like Gecko) '
'CriOS/56.0.2924.75 Mobile/14E5239e Safari/602.1',
'Mozilla/5.0 (iPhone; CPU iPhone OS 13_0 like Mac OS X) AppleWebKit/603.1.23 (KHTML, like Gecko) Version/10.0 '
'Mobile/14E5239e Safari/602.1',
'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0',
'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 '
'Safari/534.59.10',
])
def test_cookie_samesite_none(env, client, agent):
client.post('/mrmcd/2015/cart/add', HTTP_HOST='example.com', HTTP_USER_AGENT=agent)
r = client.get('/mrmcd/2015/', HTTP_HOST='example.com', HTTP_USER_AGENT=agent)
assert r.client.cookies['pretix_csrftoken']['samesite'] == 'None'
assert r.client.cookies['pretix_session']['samesite'] == 'None'
@pytest.mark.django_db
@pytest.mark.parametrize("agent", [
'Mozilla/5.0 (Linux; Android 4.4; Nexus 5 Build/_BuildID_) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 '
'Chrome/52.0.0.0 Mobile Safari/537.36',
'Mozilla/5.0 (iPhone; CPU iPhone OS 12_3 like Mac OS X) AppleWebKit/602.1.50 (KHTML, like Gecko) '
'CriOS/56.0.2924.75 Mobile/14E5239e Safari/602.1',
'Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/603.1.23 (KHTML, like Gecko) Version/10.0 '
'Mobile/14E5239e Safari/602.1',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 '
'Safari/534.59.10',
])
def test_cookie_samesite_none_only_on_compatible_browsers(env, client, agent):
client.post('/mrmcd/2015/cart/add', HTTP_HOST='example.com', HTTP_USER_AGENT=agent)
r = client.get('/mrmcd/2015/', HTTP_HOST='example.com', HTTP_USER_AGENT=agent)
assert not r.client.cookies['pretix_csrftoken'].get('samesite')
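Review bot: test_cookie_samesite_none_only_on_compatible_browsers asserts only on the CSRF cookie, while its positive counterpart two functions above checks both cookies; the session cookie is the more sensitive of the two and should get the same negative check, `assert not r.client.cookies['pretix_session'].get('samesite')`. Neither test pins the Secure attribute, even though browsers that accept SameSite=None also require Secure (Chrome 80+ discards a SameSite=None cookie that lacks it), so a regression that emits SameSite=None over plain HTTP would still pass here; if the test settings permit, issue the requests with `secure=True` and add `assert r.client.cookies['pretix_session']['secure']`. The user-agent classification that decides compatibility lives outside this hunk, so how it treats unknown or truncated agents is not covered by these cases. The hunk's first three lines belong to test_with_forwarded_host, whose body starts outside the hunk.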