misc: add SameSite cookie attribute (fix for erroneous merge) (#52356)

tests/form_pages/test_all.py

@@ -5014,14 +5014,14 @@ def test_session_cookie_flags(pub):
     app = get_app(pub)
     resp = app.get('/test/', status=200)
     assert resp.headers['Set-Cookie'].startswith('sessionid-')
-    assert 'httponly' in resp.headers['Set-Cookie']
-    assert not 'secure' in resp.headers['Set-Cookie']
+    assert 'HttpOnly' in resp.headers['Set-Cookie']
+    assert 'Secure' not in resp.headers['Set-Cookie']
 
     app = get_app(pub, https=True)
     resp = app.get('/test/', status=200)
     assert resp.headers['Set-Cookie'].startswith('sessionid-')
-    assert 'httponly' in resp.headers['Set-Cookie']
-    assert 'secure' in resp.headers['Set-Cookie']
+    assert 'HttpOnly' in resp.headers['Set-Cookie']
+    assert 'Secure' in resp.headers['Set-Cookie']
 
 
 def test_form_page_profile_verified_prefill(pub):

tests/test_saml_auth.py

@@ -530,7 +530,7 @@ def test_opened_session_cookie(pub):
     assert list(cookie_store.keys()) == [cookie_name]
     assert 'Secure' in resp.headers['Set-Cookie']
     assert 'HttpOnly' in resp.headers['Set-Cookie']
-    assert 'SameSite=Strict' in resp.headers['Set-Cookie']
+    assert 'SameSite=None' in resp.headers['Set-Cookie']
     assert 'path=/' in resp.headers['Set-Cookie']
     assert resp.status_int == 302
     assert (

tests/utilities.py

@@ -1,5 +1,6 @@
 import email.header
 import email.parser
+import http.cookies
 import json
 import os
 import random
@@ -26,6 +27,9 @@ from wcs.roles import Role
 from wcs.tracking_code import TrackingCode
 from wcs.users import User
 
+# required for Python <3.8
+http.cookies.Morsel._reserved.setdefault('samesite', 'SameSite')
+
 wcs.middleware.AfterJobsMiddleware.ASYNC = False