Fixed #27611 -- Doc'd that CSRF_COOKIE_HTTPONLY setting offers no security.

tests/check_framework/test_security.py

@@ -192,48 +192,6 @@ class CheckCSRFCookieSecureTest(SimpleTestCase):
         self.assertEqual(self.func(None), [])
 
 
-class CheckCSRFCookieHttpOnlyTest(SimpleTestCase):
-    @property
-    def func(self):
-        from django.core.checks.security.csrf import check_csrf_cookie_httponly
-        return check_csrf_cookie_httponly
-
-    @override_settings(
-        MIDDLEWARE=["django.middleware.csrf.CsrfViewMiddleware"],
-        CSRF_COOKIE_HTTPONLY=False)
-    def test_with_csrf_cookie_httponly_false(self):
-        """
-        Warn if CsrfViewMiddleware is in MIDDLEWARE but
-        CSRF_COOKIE_HTTPONLY isn't True.
-        """
-        self.assertEqual(self.func(None), [csrf.W017])
-
-    @override_settings(
-        MIDDLEWARE=["django.middleware.csrf.CsrfViewMiddleware"],
-        CSRF_USE_SESSIONS=True,
-        CSRF_COOKIE_HTTPONLY=False)
-    def test_use_sessions_with_csrf_cookie_httponly_false(self):
-        """
-        No warning if CSRF_COOKIE_HTTPONLY isn't True while CSRF_USE_SESSIONS
-        is True.
-        """
-        self.assertEqual(self.func(None), [])
-
-    @override_settings(MIDDLEWARE=[], MIDDLEWARE_CLASSES=[], CSRF_COOKIE_HTTPONLY=False)
-    def test_with_csrf_cookie_httponly_false_no_middleware(self):
-        """
-        No warning if CsrfViewMiddleware isn't in MIDDLEWARE, even if
-        CSRF_COOKIE_HTTPONLY is False.
-        """
-        self.assertEqual(self.func(None), [])
-
-    @override_settings(
-        MIDDLEWARE=["django.middleware.csrf.CsrfViewMiddleware"],
-        CSRF_COOKIE_HTTPONLY=True)
-    def test_with_csrf_cookie_httponly_true(self):
-        self.assertEqual(self.func(None), [])
-
-
 class CheckSecurityMiddlewareTest(SimpleTestCase):
     @property
     def func(self):