Merge pull request #177 from communitiesuk/bau/secure-cookie

Set cookie attributes for "security"
communitiesuk · Oct 21, 2024 · 925b7e9 · 925b7e9
2 parents ec65273 + e2f4d21
commit 925b7e9
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 1 deletion.
diff --git a/fsd_utils/locale_selector/set_lang.py b/fsd_utils/locale_selector/set_lang.py
@@ -23,6 +23,9 @@ def set_language_cookie(locale: str, response: Response):
                 current_app.config["COOKIE_DOMAIN"]
             ),
             max_age=86400 * 30,  # 30 days
+            httponly=True,
+            secure=True,
+            samesite="Lax",
         )
 
     def __init__(self, app):

diff --git a/pyproject.toml b/pyproject.toml
@@ -5,7 +5,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "funding-service-design-utils"
 
-version = "5.1.2"
+version = "5.1.3"
 
 authors = [
   { name="MHCLG", email="FundingService@communities.gov.uk" },

diff --git a/tests/test_set_lang.py b/tests/test_set_lang.py
@@ -13,3 +13,6 @@ def test_set_lang(flask_test_client):
         response_cookie = response.headers.get("Set-Cookie")
         assert response_cookie is not None, "No cookie set for language"
         assert response_cookie.split(";")[0] == ("language" + "=cy")
+        assert "Secure" in response_cookie
+        assert "HttpOnly" in response_cookie
+        assert "SameSite=Lax" in response_cookie