fix: resolve Starlette cookie deprecation warnings

Set cookies on client instance instead of passing per-request to avoid the deprecation warning about ambiguous cookie persistence behavior. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-01 07:59:40 +00:00
parent c8f026fb2a
commit 14c68187f5
2 changed files with 3 additions and 3 deletions
--- a/tests/test_user_defaults_integration.py
+++ b/tests/test_user_defaults_integration.py
@@ -94,6 +94,7 @@ class TestFeedUserDefaults:
    ):
        """Successful feed-given saves user defaults."""
        csrf_token = "test-csrf-token"
+        client.cookies.set("csrf_token", csrf_token)
        response = client.post(
            "/actions/feed-given",
            data={
@@ -105,7 +106,6 @@ class TestFeedUserDefaults:
                "X-Oidc-Username": "ppetru",
                **make_csrf_headers(csrf_token),
            },
-            cookies={"csrf_token": csrf_token},
        )
        assert response.status_code == 200

@@ -148,6 +148,7 @@ class TestFeedUserDefaults:
    ):
        """Unknown users are rejected by auth middleware."""
        csrf_token = "test-csrf-token"
+        client.cookies.set("csrf_token", csrf_token)
        response = client.post(
            "/actions/feed-given",
            data={
@@ -159,7 +160,6 @@ class TestFeedUserDefaults:
                "X-Oidc-Username": "unknown_user",
                **make_csrf_headers(csrf_token),
            },
-            cookies={"csrf_token": csrf_token},
        )
        # Unknown user is rejected by auth middleware
        assert response.status_code == 401
--- a/tests/test_web_app.py
+++ b/tests/test_web_app.py
@@ -127,6 +127,7 @@ class TestAppWithTestClient:
    def test_csrf_with_valid_tokens_succeeds(self, client):
        """POST with matching CSRF tokens proceeds."""
        csrf_token = "test-csrf-token-123"
+        client.cookies.set("csrf_token", csrf_token)
        resp = client.post(
            "/",
            headers={
@@ -134,7 +135,6 @@ class TestAppWithTestClient:
                "X-CSRF-Token": csrf_token,
                "Origin": "http://testserver",
            },
-            cookies={"csrf_token": csrf_token},
        )
        # Should get through CSRF check (200 or 405 if method not allowed)
        # The key is it shouldn't be 403 CSRF error