From 2041c0dbbdd69de39d0a839e6f8be5f556c59e01 Mon Sep 17 00:00:00 2001 From: pgjones Date: Tue, 14 Jul 2020 21:09:44 +0100 Subject: [PATCH] Bugfix accept additional attributes to the delete cookie Recent browser changes mean that cookies will not be set if they have the wrong combination of attributes e.g. SameSite none and not secure. This also affects deletion which itself is a set cookie command. Only the SameSite and secure attributes are required, however it seems more useful to accept all the possibilities for other edge cases. See also https://chromestatus.com/feature/5633521622188032 --- src/quart/wrappers/response.py | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/src/quart/wrappers/response.py b/src/quart/wrappers/response.py index 6ba0450..aa97eab 100644 --- a/src/quart/wrappers/response.py +++ b/src/quart/wrappers/response.py @@ -458,9 +458,26 @@ class Response(_BaseRequestResponse, JSONMixin): ), ) - def delete_cookie(self, key: str, path: str = "/", domain: Optional[str] = None) -> None: + def delete_cookie( + self, + key: str, + path: str = "/", + domain: Optional[str] = None, + secure: bool = False, + httponly: bool = False, + samesite: str = None, + ) -> None: """Delete a cookie (set to expire immediately).""" - self.set_cookie(key, expires=0, max_age=0, path=path, domain=domain) + self.set_cookie( + key, + expires=0, + max_age=0, + path=path, + domain=domain, + secure=secure, + httponly=httponly, + samesite=samesite, + ) async def add_etag(self, overwrite: bool = False, weak: bool = False) -> None: if overwrite or "etag" not in self.headers: -- GitLab