Merge pull request #1457 from huge-success/max-age-integer

enforce integer for max-age cookie

sanic/cookies.py

@@ -2,6 +2,8 @@ import re
 import string
 
 
+DEFAULT_MAX_AGE = 0
+
 # ------------------------------------------------------------ #
 #  SimpleCookie
 # ------------------------------------------------------------ #
@@ -103,6 +105,9 @@ class Cookie(dict):
         if key not in self._keys:
             raise KeyError("Unknown cookie property")
         if value is not False:
+            if key.lower() == "max-age":
+                if not str(value).isdigit():
+                    value = DEFAULT_MAX_AGE
             return super().__setitem__(key, value)
 
     def encode(self, encoding):

tests/test_cookies.py

@@ -2,7 +2,7 @@ from datetime import datetime, timedelta
 from http.cookies import SimpleCookie
 from sanic.response import text
 import pytest
-from sanic.cookies import Cookie
+from sanic.cookies import Cookie, DEFAULT_MAX_AGE
 
 # ------------------------------------------------------------ #
 #  GET
@@ -138,7 +138,7 @@ def test_cookie_set_same_key(app):
     assert response.cookies["test"].value == "pass"
 
 
-@pytest.mark.parametrize("max_age", ["0", 30, "30"])
+@pytest.mark.parametrize("max_age", ["0", 30, 30.0, 30.1, "30", "test"])
 def test_cookie_max_age(app, max_age):
     cookies = {"test": "wait"}
 
@@ -153,7 +153,11 @@ def test_cookie_max_age(app, max_age):
     assert response.status == 200
 
     assert response.cookies["test"].value == "pass"
-    assert response.cookies["test"]["max-age"] == str(max_age)
+
+    if str(max_age).isdigit() and int(max_age) == float(max_age):
+        assert response.cookies["test"]["max-age"] == str(max_age)
+    else:
+        assert response.cookies["test"]["max-age"] == str(DEFAULT_MAX_AGE)
 
 
 @pytest.mark.parametrize(