mirror of https://github.com/django/django.git
Refs #33562 -- Made HttpResponse.set_cookie() raise ValueError when both "expires" and "max_age" are passed.
This fixes the case where you might pass set_cookie(expires=val, max_age=val) and max_age is silently ignored.
This commit is contained in:
parent
ae2da5ba65
commit
f3bf6c4218
|
@ -244,6 +244,8 @@ class HttpResponseBase:
|
|||
delta = delta + datetime.timedelta(seconds=1)
|
||||
# Just set max_age - the max_age logic will set expires.
|
||||
expires = None
|
||||
if max_age is not None:
|
||||
raise ValueError("'expires' and 'max_age' can't be used together.")
|
||||
max_age = max(0, delta.days * 86400 + delta.seconds)
|
||||
else:
|
||||
self.cookies[key]["expires"] = expires
|
||||
|
|
|
@ -76,6 +76,14 @@ class SetCookieTests(SimpleTestCase):
|
|||
response.set_cookie("max_age", max_age=timedelta(hours=1))
|
||||
self.assertEqual(response.cookies["max_age"]["max-age"], 3600)
|
||||
|
||||
def test_max_age_with_expires(self):
|
||||
response = HttpResponse()
|
||||
msg = "'expires' and 'max_age' can't be used together."
|
||||
with self.assertRaisesMessage(ValueError, msg):
|
||||
response.set_cookie(
|
||||
"max_age", expires=datetime(2000, 1, 1), max_age=timedelta(hours=1)
|
||||
)
|
||||
|
||||
def test_httponly_cookie(self):
|
||||
response = HttpResponse()
|
||||
response.set_cookie("example", httponly=True)
|
||||
|
|
Loading…
Reference in New Issue