self.write(self.xsrf_token)
def get_app_kwargs(self):
- return dict(xsrf_cookies=True, xsrf_cookie_kwargs=dict(httponly=True))
+ return dict(
+ xsrf_cookies=True, xsrf_cookie_kwargs=dict(httponly=True, expires_days=2)
+ )
def test_xsrf_httponly(self):
response = self.fetch("/")
self.assertIn("httponly;", response.headers["Set-Cookie"].lower())
+ self.assertIn("expires=", response.headers["Set-Cookie"].lower())
+ header = response.headers.get("Set-Cookie")
+ match = re.match(".*; expires=(?P<expires>.+);.*", header)
+ assert match is not None
+
+ expires = datetime.datetime.utcnow() + datetime.timedelta(days=2)
+ parsed = email.utils.parsedate(match.groupdict()["expires"])
+ assert parsed is not None
+ header_expires = datetime.datetime(*parsed[:6])
+ self.assertTrue(abs((expires - header_expires).total_seconds()) < 10)
class FinishExceptionTest(SimpleHandlerTestCase):
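Review bot: The `expires` capture on the `re.match` line is greedy, so with the `;.*` tail it swallows every attribute up to the last `;` (for example `...GMT; HttpOnly`) and the test only passes because `email.utils.parsedate` ignores the trailing junk; a bounded group such as `match = re.search(r"expires=(?P<expires>[^;]+)", header)` pins the value the test actually means to check. The `header = response.headers.get("Set-Cookie")` line can also yield `None`, in which case `re.match` raises `TypeError` instead of reporting a clean assertion failure, so `self.assertIsNotNone(header)` before the match would keep the failure readable. The hunk also mixes `self.assertIn`/`self.assertTrue` with bare `assert` statements; the surrounding test style suggests the `unittest` assertions. Whether `re` and `email.utils` are imported in this test module is outside the hunk.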
else:
raise ValueError("unknown xsrf cookie version %d", output_version)
if version is None:
- expires_days = 30 if self.current_user else None
- self.set_cookie(
- "_xsrf",
- self._xsrf_token,
- expires_days=expires_days,
- **cookie_kwargs
- )
+ if self.current_user and "expires_days" not in cookie_kwargs:
+ cookie_kwargs["expires_days"] = 30
+ self.set_cookie("_xsrf", self._xsrf_token, **cookie_kwargs)
return self._xsrf_token
def _get_raw_xsrf_token(self) -> Tuple[Optional[int], bytes, float]:
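Review bot: The added `cookie_kwargs["expires_days"] = 30` mutates the `cookie_kwargs` mapping in place, and if that mapping is the dict held in the application settings (its origin is above the hunk, so this is inferred) the assignment persists across requests: after the first authenticated response every later `_xsrf` cookie, including those for anonymous users, is issued as a 30-day persistent cookie rather than a session cookie, which silently widens the CSRF token's lifetime and also bypasses the `"expires_days" not in cookie_kwargs` check on later calls. Copying before adding the default avoids the shared-state write: `if self.current_user and "expires_days" not in cookie_kwargs:` followed by `cookie_kwargs = {**cookie_kwargs, "expires_days": 30}`. The enclosing `xsrf_token` property starts outside the hunk.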