Commit dff4aa82 authored by pgjones's avatar pgjones
Browse files

Ensure cookies are deleted

By setting the same attributes on deletion as when set. This helps
when SameSite None is used as it requires secure to work. This
requires the latest Quart for the full delete_cookie API.
parent 2d171eaa
Pipeline #166591747 passed with stages
in 3 minutes and 4 seconds
......@@ -39,7 +39,7 @@ reverse_relative = true
[tool.poetry.dependencies]
python = ">=3.7"
quart = ">=0.11"
quart = ">=0.13"
[tool.poetry.dev-dependencies]
tox = "*"
......
......@@ -97,6 +97,10 @@ class AuthManager:
response.delete_cookie(
_get_config_or_default("QUART_AUTH_COOKIE_NAME"),
domain=_get_config_or_default("QUART_AUTH_COOKIE_DOMAIN"),
httponly=_get_config_or_default("QUART_AUTH_COOKIE_HTTP_ONLY"),
path=_get_config_or_default("QUART_AUTH_COOKIE_PATH"),
secure=_get_config_or_default("QUART_AUTH_COOKIE_SECURE"),
samesite=_get_config_or_default("QUART_AUTH_COOKIE_SAMESITE"),
)
elif current_user.action in {Action.WRITE, Action.WRITE_PERMANENT}:
max_age = None
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment