Ensure cookies are deleted

By setting the same attributes on deletion as when set. This helps when SameSite None is used as it requires secure to work. This requires the latest Quart for the full delete_cookie API.

Ensure cookies are deleted
By setting the same attributes on deletion as when set. This helps when SameSite None is used as it requires secure to work. This requires the latest Quart for the full delete_cookie API.
dff4aa82 · pgjones · 2d171eaa · dff4aa82 · dff4aa82
Commit dff4aa82 authored Jul 14, 2020 by pgjones
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 1 deletion

pyproject.toml pyproject.toml +1 -1

src/quart_auth/__init__.py src/quart_auth/__init__.py +4 -0

No files found.
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -39,7 +39,7 @@ reverse_relative = true

 [tool.poetry.dependencies]
 python = ">=3.7"
-quart = ">=0.11"
+quart = ">=0.13"

 [tool.poetry.dev-dependencies]
 tox = "*"

--- a/src/quart_auth/__init__.py
+++ b/src/quart_auth/__init__.py
@@ -97,6 +97,10 @@ class AuthManager:
            response.delete_cookie(
                _get_config_or_default("QUART_AUTH_COOKIE_NAME"),
                domain=_get_config_or_default("QUART_AUTH_COOKIE_DOMAIN"),
+                httponly=_get_config_or_default("QUART_AUTH_COOKIE_HTTP_ONLY"),
+                path=_get_config_or_default("QUART_AUTH_COOKIE_PATH"),
+                secure=_get_config_or_default("QUART_AUTH_COOKIE_SECURE"),
+                samesite=_get_config_or_default("QUART_AUTH_COOKIE_SAMESITE"),
            )
        elif current_user.action in {Action.WRITE, Action.WRITE_PERMANENT}:
            max_age = None