# it gets rejected
assert handler.get_secure_cookie('foo') is None
+class CookieTest(AsyncHTTPTestCase, LogTrapTestCase):
+ def get_app(self):
+ class SetCookieHandler(RequestHandler):
+ def get(self):
+ # Try setting cookies with different argument types
+ # to ensure that everything gets encoded correctly
+ self.set_cookie("str", "asdf")
+ self.set_cookie("unicode", u"qwer")
+ self.set_cookie("bytes", b("zxcv"))
+
+ class GetCookieHandler(RequestHandler):
+ def get(self):
+ self.write(self.get_cookie("foo"))
+
+ return Application([
+ ("/set", SetCookieHandler),
+ ("/get", GetCookieHandler)])
+
+ def test_set_cookie(self):
+ response = self.fetch("/set")
+ self.assertEqual(response.headers.get_list("Set-Cookie"),
+ ["str=asdf; Path=/",
+ "unicode=qwer; Path=/",
+ "bytes=zxcv; Path=/"])
+
+ def test_get_cookie(self):
+ response = self.fetch("/get", headers={"Cookie": "foo=bar"})
+ self.assertEqual(response.body, b("bar"))
class AuthRedirectRequestHandler(RequestHandler):
def initialize(self, login_url):
self._cookies = Cookie.BaseCookie()
if "Cookie" in self.request.headers:
try:
- self._cookies.load(self.request.headers["Cookie"])
+ self._cookies.load(
+ escape.native_str(self.request.headers["Cookie"]))
except:
self.clear_all_cookies()
return self._cookies
See http://docs.python.org/library/cookie.html#morsel-objects
for available attributes.
"""
- name = utf8(name)
- value = utf8(value)
+ # The cookie library only accepts type str, in both python 2 and 3
+ name = escape.native_str(name)
+ value = escape.native_str(value)
if re.search(r"[\x00-\x20]", name + value):
# Don't let us accidentally inject bad stuff
raise ValueError("Invalid cookie %r: %r" % (name, value))
lines.extend([(utf8(n) + b(": ") + utf8(v)) for n, v in self._headers.iteritems()])
for cookie_dict in getattr(self, "_new_cookies", []):
for cookie in cookie_dict.values():
- lines.append(b("Set-Cookie: ") + cookie.OutputString(None))
+ lines.append(utf8("Set-Cookie: " + cookie.OutputString(None)))
return b("\r\n").join(lines) + b("\r\n\r\n")
def _log(self):