Closed
Description
API server: Django 3.0.2
client test: dio: 3.0.8 and http: ^0.12.0
I tested login with code like this:
import 'package:dio/dio.dart';
import 'package:http/http.dart' as http;
import 'package:flutter_test/flutter_test.dart';

void main() {
  test('test django login view', () async {
    try {
      // dio GET: fetch the login form to obtain the CSRF token
      Response response = await Dio().get("http://localhost:8000/login/form/");
      var token = response.data['form']['csrfmiddlewaretoken'];

      // Send the token back both as a cookie and as a form field
      Map<String, dynamic> headers = new Map();
      headers['Cookie'] = "csrftoken=$token";
      Options options = new Options(headers: headers);
      FormData _formData = FormData.fromMap({
        "csrfmiddlewaretoken": token,
        "username": "user",
        "password": "pass",
      });

      // http POST
      var response3 = await http.post("http://localhost:8000/admin/login/",
          headers: {'Cookie': "csrftoken=$token"},
          body: {
            "csrfmiddlewaretoken": token,
            "username": "user",
            "password": "pass",
          });
      print(response3.headers);

      // dio POST
      Response response2 = await Dio().post(
          "http://localhost:8000/admin/login/",
          data: _formData,
          options: options);
      print(response2.statusCode);
    } on DioError catch (e) {
      // dio throws on the 302 redirect; the headers are on the error response
      print(e.response.headers);
    }
  });
}
http response.headers
{set-cookie: csrftoken=MFtHG4hE6oykFfQT5AaSkElF6S4H27bDV5inj3R9puhL3TjbnUyMm7f04z01BJSg; expires=Thu, 07 Jan 2021 12:05:07 GMT; Max-Age=31449600; Path=/; SameSite=Lax,sessionid=i61c6ywod07tnr0k0lvz3tvimc7zrgyv; expires=Thu, 23 Jan 2020 12:05:07 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax, location: /, cache-control: max-age=0, no-cache, no-store, must-revalidate, private, date: Thu, 09 Jan 2020 12:05:07 GMT, vary: Cookie, content-length: 0, x-frame-options: DENY, content-type: text/html; charset=utf-8, x-content-type-options: nosniff, server: WSGIServer/0.2 CPython/3.7.6, expires: Thu, 09 Jan 2020 12:05:07 GMT}
dio response.headers
set-cookie: csrftoken=w5MntTzt0TLzC7S2pMNXkBwgEA4gBr1jom2kUWdAu7IADeU2CnJtx7iQt9A4AIeR; expires=Thu, 07 Jan 2021 12:05:07 GMT; Max-Age=31449600; Path=/; SameSite=Lax
set-cookie: sessionid=q7orsy8koxk7beok8gjmqibf9jm8odn1; expires=Thu, 23 Jan 2020 12:05:07 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax
location: /
cache-control: max-age=0, no-cache, no-store, must-revalidate, private
date: Thu, 09 Jan 2020 12:05:07 GMT
vary: Cookie
content-length: 0
x-frame-options: DENY
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
server: WSGIServer/0.2 CPython/3.7.6
expires: Thu, 09 Jan 2020 12:05:07 GMT
I found that dio's response.headers has two set-cookie entries, but http's response.headers has only one! The bug is caused by "SameSite=Lax,sessionid=i61c6ywod07tnr0k0lvz3tvimc7zrgyv;" in http's response.headers; this caused me not to parse set-cookie correctly.
I tested using the Chrome browser; the response headers follow and have two Set-Cookie entries:
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Thu, 09 Jan 2020 12:08:49 GMT
Expires: Thu, 09 Jan 2020 12:08:49 GMT
Location: /admin/
Server: WSGIServer/0.2 CPython/3.7.6
Set-Cookie: csrftoken=DNJgrZqU6vqXwUP0jUiizADUBgQx4JhiSEb6Cyv0ugh787w6HKs8GhyTrte5ZE6N; expires=Thu, 07 Jan 2021 12:08:49 GMT; Max-Age=31449600; Path=/; SameSite=Lax
Set-Cookie: sessionid=0dth5wsuvzvmy5up7353hfzr94nujyei; expires=Thu, 23 Jan 2020 12:08:49 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax
Vary: Cookie
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
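
An added example, not code from this issue or from package:http: one way to recover the individual cookies from a comma-joined set-cookie value like the one printed above, so the sessionid cookie and its HttpOnly attribute are not lost. The helper name splitFoldedSetCookie and the sample cookie values are constructed for illustration; it assumes cookie names and values contain no commas, as RFC 6265 requires.

```dart
import 'dart:io' show Cookie; // dart:io is not available on the web platform

/// Splits a Set-Cookie value that a client folded with commas into one
/// string per cookie (hypothetical helper, not part of package:http).
/// A comma starts a new cookie only when the text after it reaches '='
/// before any ';', ',' or whitespace, i.e. when it looks like "name=".
/// The comma inside "expires=Thu, 07 Jan 2021 ..." is therefore left alone.
List<String> splitFoldedSetCookie(String folded) {
  final boundary = RegExp(r',(?=\s*[^;,=\s]+=)');
  return folded
      .split(boundary)
      .map((part) => part.trim())
      .where((part) => part.isNotEmpty)
      .toList();
}

void main() {
  // Constructed sample in the same shape as the folded header in the issue.
  const folded = 'csrftoken=EXAMPLECSRFTOKEN; '
      'expires=Thu, 07 Jan 2021 12:05:07 GMT; Max-Age=31449600; Path=/; '
      'SameSite=Lax,'
      'sessionid=EXAMPLESESSIONID; '
      'expires=Thu, 23 Jan 2020 12:05:07 GMT; HttpOnly; Max-Age=1209600; '
      'Path=/; SameSite=Lax';

  final cookies = splitFoldedSetCookie(folded)
      .map((raw) => Cookie.fromSetCookieValue(raw))
      .toList();

  // A naive split on ',' would yield four fragments; both cookies must
  // survive intact, including the date inside each expires attribute.
  if (cookies.length != 2) {
    throw StateError('expected 2 cookies, got ${cookies.length}');
  }
  for (final c in cookies) {
    print('${c.name}: httpOnly=${c.httpOnly} path=${c.path} '
        'maxAge=${c.maxAge} expires=${c.expires}');
  }

  // Rebuild the request Cookie header from name=value pairs only;
  // attributes such as Path or HttpOnly are never sent back to the server.
  final cookieHeader = cookies.map((c) => '${c.name}=${c.value}').join('; ');
  print(cookieHeader);
}
```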