Skip to content

test: Assert HttpOnly is unset on a minimal cookie#2025

Merged
vdusek merged 1 commit into
apify:masterfrom
anxkhn:test/fix-cookie-httponly-assertion-typo
Jul 6, 2026
Merged

test: Assert HttpOnly is unset on a minimal cookie#2025
vdusek merged 1 commit into
apify:masterfrom
anxkhn:test/fix-cookie-httponly-assertion-typo

Conversation

@anxkhn

@anxkhn anxkhn commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

test_set_basic_cookie meant to check that a minimal cookie leaves HttpOnly
unset, but the assertion looked up the wrong attribute key:

assert not cookie.has_nonstandard_attr('httpOnpy')

'httpOnpy' is a typo (l -> p) for 'HttpOnly'. Cookies never carry the
misspelled key, so has_nonstandard_attr('httpOnpy') is always False and
assert not False passed unconditionally. The assertion therefore validated
nothing: a regression that wrongly set HttpOnly on a minimal cookie would not be
caught.

This corrects the key to 'HttpOnly', which is how the flag is actually stored and
read in src/crawlee/sessions/_cookies.py (rest={'HttpOnly': ''} when
http_only is set, read back via cookie.has_nonstandard_attr('HttpOnly')), and
matches the sibling assertion in test_set_cookie_with_all_attributes. The check
now genuinely asserts the minimal-cookie default.

-    assert not cookie.has_nonstandard_attr('httpOnpy')
+    assert not cookie.has_nonstandard_attr('HttpOnly')

Issues

  • No related issue. Self-identified while reading the session-cookie tests.

Testing

  • uv run pytest tests/unit/sessions/test_cookies.py - passes (8 passed).
  • uv run pytest tests/unit/sessions/ - passes (30 passed).
  • uv run poe lint - passes.
  • uv run poe type-check - no new diagnostics from this change.
  • Verified the assertion now has teeth: temporarily forcing the source to always
    set HttpOnly on minimal cookies makes the corrected assertion fail (red),
    whereas the old httpOnpy assertion still passed. On unmodified source it passes
    (green).

Checklist

  • CI passed

The HttpOnly-default assertion in test_set_basic_cookie checked the
nonstandard attribute 'httpOnpy', a typo for 'HttpOnly'. Since a cookie
never carries the misspelled key, has_nonstandard_attr('httpOnpy') is
always False and 'assert not ...' passed unconditionally, so the test
never verified that a minimal cookie leaves HttpOnly off.

Use the correct 'HttpOnly' key (matching how _cookies.py stores and
reads the flag, and the sibling assertion in
test_set_cookie_with_all_attributes) so the check actually validates the
default.
@vdusek vdusek merged commit 02da367 into apify:master Jul 6, 2026
35 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants