Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in HttpResponse.delete_cookie().

Cookies with the "SameSite" flag set to None and without the "secure"
flag will be soon rejected by latest browser versions.

This affects sessions and messages cookies.

1 files changed, 4 insertions, 2 deletions

diff --git a/tests/sessions_tests/tests.py b/tests/sessions_tests/tests.py
index 6c6d7dd3f2..248dae82aa 100644
--- a/tests/sessions_tests/tests.py
+++ b/tests/sessions_tests/tests.py
@@ -758,8 +758,9 @@ class SessionMiddlewareTests(TestCase):
         #  Set-Cookie: sessionid=; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/
         self.assertEqual(
             'Set-Cookie: {}=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; '
-            'Max-Age=0; Path=/'.format(
+            'Max-Age=0; Path=/; SameSite={}'.format(
                 settings.SESSION_COOKIE_NAME,
+                settings.SESSION_COOKIE_SAMESITE,
             ),
             str(response.cookies[settings.SESSION_COOKIE_NAME])
         )
@@ -789,8 +790,9 @@ class SessionMiddlewareTests(TestCase):
         #              Path=/example/
         self.assertEqual(
             'Set-Cookie: {}=""; Domain=.example.local; expires=Thu, '
-            '01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/example/'.format(
+            '01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/example/; SameSite={}'.format(
                 settings.SESSION_COOKIE_NAME,
+                settings.SESSION_COOKIE_SAMESITE,
             ),
             str(response.cookies[settings.SESSION_COOKIE_NAME])
         )