Default SameSite session cookie setting to Lax (#824)

2025-12-17 22:14:25 +01:00 · 2019-01-08 02:52:51 -05:00
parent 9f7dc0543c
commit 83e294057e
3 changed files with 25 additions and 1 deletions
--- a/tests/utils/test_sessions.py
+++ b/tests/utils/test_sessions.py
@@ -0,0 +1,21 @@
+from tests.helpers import *
+
+
+def test_sessions_set_httponly():
+    app = create_ctfd()
+    with app.app_context():
+        with app.test_client() as client:
+            r = client.get('/')
+            cookie = dict(r.headers)['Set-Cookie']
+            assert 'HttpOnly;' in cookie
+    destroy_ctfd(app)
+
+
+def test_sessions_set_samesite():
+    app = create_ctfd()
+    with app.app_context():
+        with app.test_client() as client:
+            r = client.get('/')
+            cookie = dict(r.headers)['Set-Cookie']
+            assert 'SameSite=' in cookie
+    destroy_ctfd(app)