Revert "Set cookie attributes for "security""

This reverts commit 8e7e050. The apps themselves control these attributes through SESSION_COOKIE_* config options, so it's a bit inconsistent to override this. It also means that the cookie may not be passed through for insecure HTTP on local development, which is still used by pre-award.
communitiesuk · Oct 21, 2024 · d5f2180 · d5f2180
1 parent 925b7e9
commit d5f2180
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 6 deletions.
diff --git a/fsd_utils/locale_selector/set_lang.py b/fsd_utils/locale_selector/set_lang.py
@@ -23,9 +23,6 @@ def set_language_cookie(locale: str, response: Response):
                 current_app.config["COOKIE_DOMAIN"]
             ),
             max_age=86400 * 30,  # 30 days
-            httponly=True,
-            secure=True,
-            samesite="Lax",
         )
 
     def __init__(self, app):

diff --git a/tests/test_set_lang.py b/tests/test_set_lang.py
@@ -13,6 +13,3 @@ def test_set_lang(flask_test_client):
         response_cookie = response.headers.get("Set-Cookie")
         assert response_cookie is not None, "No cookie set for language"
         assert response_cookie.split(";")[0] == ("language" + "=cy")
-        assert "Secure" in response_cookie
-        assert "HttpOnly" in response_cookie
-        assert "SameSite=Lax" in response_cookie