Commit 4d6f0f26 authored by Gary Wilson Jr's avatar Gary Wilson Jr
Browse files

Fixed #6657 -- Don't set secure attribute on cookie if `secure=False` is passed, thanks Gulopine. 


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7204 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent 444b7b28

django/http/__init__.py

+11 −5
Original line number Diff line number Diff line
@@ -314,12 +314,18 @@ class HttpResponse(object): 
    def get(self, header, alternate):

        return self._headers.get(header.lower(), (None, alternate))[1]



    def set_cookie(self, key, value='', max_age=None, expires=None, path='/', domain=None, secure=None):

    def set_cookie(self, key, value='', max_age=None, expires=None, path='/', domain=None, secure=False):

        self.cookies[key] = value

        for var in ('max_age', 'path', 'domain', 'secure', 'expires'):

            val = locals()[var]

            if val is not None:

                self.cookies[key][var.replace('_', '-')] = val

        if max_age is not None:

            self.cookies[key]['max-age'] = max_age

        if expires is not None:

            self.cookies[key]['expires'] = expires

        if path is not None:

            self.cookies[key]['path'] = path

        if domain is not None:

            self.cookies[key]['domain'] = domain

        if secure:

            self.cookies[key]['secure'] = True



    def delete_cookie(self, key, path='/', domain=None):

        self.set_cookie(key, max_age=0, path=path, domain=domain,