Commit 2041c0db authored by pgjones's avatar pgjones

Bugfix accept additional attributes to the delete cookie

Recent browser changes mean that cookies will not be set if they have
the wrong combination of attributes e.g. SameSite none and not
secure. This also affects deletion which itself is a set cookie
command.

Only the SameSite and secure attributes are required, however it seems
more useful to accept all the possibilities for other edge cases.

See also https://chromestatus.com/feature/5633521622188032
parent 70ab0095
Pipeline #166579941 passed with stages
in 2 minutes and 52 seconds
......@@ -458,9 +458,26 @@ class Response(_BaseRequestResponse, JSONMixin):
),
)
def delete_cookie(self, key: str, path: str = "/", domain: Optional[str] = None) -> None:
def delete_cookie(
self,
key: str,
path: str = "/",
domain: Optional[str] = None,
secure: bool = False,
httponly: bool = False,
samesite: str = None,
) -> None:
"""Delete a cookie (set to expire immediately)."""
self.set_cookie(key, expires=0, max_age=0, path=path, domain=domain)
self.set_cookie(
key,
expires=0,
max_age=0,
path=path,
domain=domain,
secure=secure,
httponly=httponly,
samesite=samesite,
)
async def add_etag(self, overwrite: bool = False, weak: bool = False) -> None:
if overwrite or "etag" not in self.headers:
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment