fix: 测试脚本适配 __Host- CSRF cookie

2026-04-06 14:49:21 +08:00
parent 59a60e8126
commit c2646163f2
1 changed files with 8 additions and 4 deletions
@@ -56,7 +56,11 @@ class Session:
    """Minimal cookie-aware HTTP session using stdlib only."""

    def __init__(self):
-        self.cookie_jar = http.cookiejar.CookieJar()
+        self.cookie_jar = http.cookiejar.CookieJar(
+            policy=http.cookiejar.DefaultCookiePolicy(
+                secure_protocols=("https", "http")
+            )
+        )
        self.opener = urllib.request.build_opener(
            urllib.request.HTTPCookieProcessor(self.cookie_jar)
        )
@@ -107,7 +111,7 @@ class Session:
        return self.request("DELETE", url, **kw)

    def csrf_headers(self):
-        token = self.get_cookie("XSRF-TOKEN")
+        token = self.get_cookie("__Host-XSRF-TOKEN")
        return {"xsrf-token": token} if token else {}


@@ -134,8 +138,8 @@ def phase0_health(s: Session):
    print("\n=== Phase 0: Health & CSRF ===")
    code, body, hdrs = s.get(f"{GATEWAY}/healthz")
    report("GET /healthz", code, body)
-    xsrf = s.get_cookie("XSRF-TOKEN")
-    xsrf_guard = s.get_cookie("XSRF-GUARD")
+    xsrf = s.get_cookie("__Host-XSRF-TOKEN")
+    xsrf_guard = s.get_cookie("__Host-XSRF-GUARD")
    print(f"  XSRF-TOKEN: {xsrf}")
    print(f"  XSRF-GUARD: {xsrf_guard}")
    if not xsrf: