fix: resolve Starlette cookie deprecation warnings
Set cookies on client instance instead of passing per-request to avoid the deprecation warning about ambiguous cookie persistence behavior. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -94,6 +94,7 @@ class TestFeedUserDefaults:
|
|||||||
):
|
):
|
||||||
"""Successful feed-given saves user defaults."""
|
"""Successful feed-given saves user defaults."""
|
||||||
csrf_token = "test-csrf-token"
|
csrf_token = "test-csrf-token"
|
||||||
|
client.cookies.set("csrf_token", csrf_token)
|
||||||
response = client.post(
|
response = client.post(
|
||||||
"/actions/feed-given",
|
"/actions/feed-given",
|
||||||
data={
|
data={
|
||||||
@@ -105,7 +106,6 @@ class TestFeedUserDefaults:
|
|||||||
"X-Oidc-Username": "ppetru",
|
"X-Oidc-Username": "ppetru",
|
||||||
**make_csrf_headers(csrf_token),
|
**make_csrf_headers(csrf_token),
|
||||||
},
|
},
|
||||||
cookies={"csrf_token": csrf_token},
|
|
||||||
)
|
)
|
||||||
assert response.status_code == 200
|
assert response.status_code == 200
|
||||||
|
|
||||||
@@ -148,6 +148,7 @@ class TestFeedUserDefaults:
|
|||||||
):
|
):
|
||||||
"""Unknown users are rejected by auth middleware."""
|
"""Unknown users are rejected by auth middleware."""
|
||||||
csrf_token = "test-csrf-token"
|
csrf_token = "test-csrf-token"
|
||||||
|
client.cookies.set("csrf_token", csrf_token)
|
||||||
response = client.post(
|
response = client.post(
|
||||||
"/actions/feed-given",
|
"/actions/feed-given",
|
||||||
data={
|
data={
|
||||||
@@ -159,7 +160,6 @@ class TestFeedUserDefaults:
|
|||||||
"X-Oidc-Username": "unknown_user",
|
"X-Oidc-Username": "unknown_user",
|
||||||
**make_csrf_headers(csrf_token),
|
**make_csrf_headers(csrf_token),
|
||||||
},
|
},
|
||||||
cookies={"csrf_token": csrf_token},
|
|
||||||
)
|
)
|
||||||
# Unknown user is rejected by auth middleware
|
# Unknown user is rejected by auth middleware
|
||||||
assert response.status_code == 401
|
assert response.status_code == 401
|
||||||
|
|||||||
@@ -127,6 +127,7 @@ class TestAppWithTestClient:
|
|||||||
def test_csrf_with_valid_tokens_succeeds(self, client):
|
def test_csrf_with_valid_tokens_succeeds(self, client):
|
||||||
"""POST with matching CSRF tokens proceeds."""
|
"""POST with matching CSRF tokens proceeds."""
|
||||||
csrf_token = "test-csrf-token-123"
|
csrf_token = "test-csrf-token-123"
|
||||||
|
client.cookies.set("csrf_token", csrf_token)
|
||||||
resp = client.post(
|
resp = client.post(
|
||||||
"/",
|
"/",
|
||||||
headers={
|
headers={
|
||||||
@@ -134,7 +135,6 @@ class TestAppWithTestClient:
|
|||||||
"X-CSRF-Token": csrf_token,
|
"X-CSRF-Token": csrf_token,
|
||||||
"Origin": "http://testserver",
|
"Origin": "http://testserver",
|
||||||
},
|
},
|
||||||
cookies={"csrf_token": csrf_token},
|
|
||||||
)
|
)
|
||||||
# Should get through CSRF check (200 or 405 if method not allowed)
|
# Should get through CSRF check (200 or 405 if method not allowed)
|
||||||
# The key is it shouldn't be 403 CSRF error
|
# The key is it shouldn't be 403 CSRF error
|
||||||
|
|||||||
Reference in New Issue
Block a user