From db4d65f8be1627223707185edac7181584425149 Mon Sep 17 00:00:00 2001
From: Lukas Komischke <lukas.komischke@ameos.de>
Date: Wed, 18 Jun 2025 09:02:01 +0200
Subject: [PATCH] Fixed #36467 -- Removed leading whitespaces from Set-Cookie
 header values in WSGIHandler.

This also aligned the Set-Cookie logic in the WSGIHandler and ASGIHandler.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
---
 django/core/handlers/asgi.py |  4 +---
 django/core/handlers/wsgi.py |  2 +-
 tests/wsgi/tests.py          | 13 +++++++++++++
 tests/wsgi/urls.py           |  7 +++++++
 4 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/django/core/handlers/asgi.py b/django/core/handlers/asgi.py
index 0d305c9a87..10d18b60eb 100644
--- a/django/core/handlers/asgi.py
+++ b/django/core/handlers/asgi.py
@@ -320,9 +320,7 @@ class ASGIHandler(base.BaseHandler):
                 value = value.encode("latin1")
             response_headers.append((bytes(header), bytes(value)))
         for c in response.cookies.values():
-            response_headers.append(
-                (b"Set-Cookie", c.output(header="").encode("ascii").strip())
-            )
+            response_headers.append((b"Set-Cookie", c.OutputString().encode("ascii")))
         # Initial response message.
         await send(
             {
diff --git a/django/core/handlers/wsgi.py b/django/core/handlers/wsgi.py
index 9324af083e..1161fda86b 100644
--- a/django/core/handlers/wsgi.py
+++ b/django/core/handlers/wsgi.py
@@ -128,7 +128,7 @@ class WSGIHandler(base.BaseHandler):
         status = "%d %s" % (response.status_code, response.reason_phrase)
         response_headers = [
             *response.items(),
-            *(("Set-Cookie", c.output(header="")) for c in response.cookies.values()),
+            *(("Set-Cookie", c.OutputString()) for c in response.cookies.values()),
         ]
         start_response(status, response_headers)
         if getattr(response, "file_to_stream", None) is not None and environ.get(
diff --git a/tests/wsgi/tests.py b/tests/wsgi/tests.py
index 39d72d7697..cbc7e79663 100644
--- a/tests/wsgi/tests.py
+++ b/tests/wsgi/tests.py
@@ -49,6 +49,19 @@ class WSGITest(SimpleTestCase):
             ],
         )
 
+    def test_wsgi_cookies(self):
+        response_data = {}
+
+        def start_response(status, headers):
+            response_data["headers"] = headers
+
+        application = get_wsgi_application()
+        environ = self.request_factory._base_environ(
+            PATH_INFO="/cookie/", REQUEST_METHOD="GET"
+        )
+        application(environ, start_response)
+        self.assertIn(("Set-Cookie", "key=value; Path=/"), response_data["headers"])
+
     def test_file_wrapper(self):
         """
         FileResponse uses wsgi.file_wrapper.
diff --git a/tests/wsgi/urls.py b/tests/wsgi/urls.py
index b924adea41..970130624a 100644
--- a/tests/wsgi/urls.py
+++ b/tests/wsgi/urls.py
@@ -6,7 +6,14 @@ def helloworld(request):
     return HttpResponse("Hello World!")
 
 
+def cookie(request):
+    response = HttpResponse("Hello World!")
+    response.set_cookie("key", "value")
+    return response
+
+
 urlpatterns = [
     path("", helloworld),
+    path("cookie/", cookie),
     path("file/", lambda x: FileResponse(open(__file__, "rb"))),
 ]