Cannot delete cookies due to missing secure parameter #2972

Closed
1 task done
xmcp opened this issue Jun 25, 2024 · 1 comment · Fixed by #2976
xmcp commented Jun 25, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

The delete_cookie method in CookieJar lacks the secure parameter, and this parameter in its internal call to self.add_cookie defaults to True.

Therefore, attempts to delete a cookie on an insecure (plain HTTP) origin will always be blocked by the browser, because it will set the ;Secure flag:

[screenshot: browser rejecting the Set-Cookie header]

Code snippet

```python
from sanic import Sanic
from sanic.response import text, redirect

app = Sanic("test")
app.config.AUTO_EXTEND = False

@app.get("/")
async def index(request):
    return text(f'logged in: {"YES" if request.cookies.get("session", None) else "NO"}')

@app.get("/login")
async def login(request):
    res = redirect('/')
    # secure=False so the cookie is accepted on a plain-HTTP origin
    res.cookies.add_cookie('session', 'foobar', secure=False)
    return res

@app.get("/logout")
async def logout(request):
    res = redirect('/')
    # delete_cookie has no secure parameter, so the deletion is sent with ;Secure
    res.cookies.delete_cookie('session')
    return res

if __name__ == '__main__':
    app.run(host='0.0.0.0', port=4321, debug=True)
```

  1. Visit http://YOUR_IP:4321/ and the page says logged in: NO
  2. Visit http://YOUR_IP:4321/login and the page says logged in: YES
  3. Visit http://YOUR_IP:4321/logout and the page still says logged in: YES

Note: it is important to use the real IP address (instead of 127.0.0.1) to reproduce this bug, since 127.0.0.1 is a secure origin.

Expected Behavior

Sanic should add an optional secure parameter to the delete_cookie method, so we can write something like res.cookies.delete_cookie('session', secure=False).

Then the page should say logged in: NO after visiting /logout.

How do you run Sanic?

As a script (app.run or Sanic.serve)

Operating System

Linux

Sanic Version

v23.12.1

Additional context

No response
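A self-contained illustration of the failure the report describes, added here as an example (it is not Sanic's code and not part of the issue): it builds the expiring Set-Cookie header with and without the Secure attribute, then applies the browser rule that a Secure cookie arriving over plain HTTP from a non-loopback host is discarded, so the cookie is never removed. The origin 192.0.2.10 is a constructed TEST-NET address standing in for YOUR_IP, and is_potentially_trustworthy is an approximation of the browser's secure-context test, not a full implementation.

```python
"""Simulate why a delete_cookie() that always emits `Secure` fails on plain-HTTP origins."""
from ipaddress import ip_address
from urllib.parse import urlsplit

EPOCH = "Thu, 01 Jan 1970 00:00:00 GMT"


def deletion_header(name: str, *, secure: bool = True, path: str = "/") -> str:
    """Build the Set-Cookie value a server sends to expire a cookie.

    `secure` defaults to True to mirror the behaviour the issue describes
    (delete_cookie -> add_cookie with secure=True). This is a stand-in
    written for the example, not Sanic's own implementation.
    """
    parts = [f"{name}=", "Max-Age=0", f"Expires={EPOCH}", f"Path={path}"]
    if secure:
        parts.append("Secure")
    return "; ".join(parts)


def is_potentially_trustworthy(origin: str) -> bool:
    """Approximate the browser 'secure context' test: https, localhost, or a loopback IP."""
    url = urlsplit(origin)
    if url.scheme == "https":
        return True
    host = url.hostname or ""
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def apply_set_cookie(jar: dict, origin: str, header: str) -> dict:
    """Apply one Set-Cookie header to a cookie jar the way a browser would.

    Rule (RFC 6265bis): a cookie carrying the Secure attribute that arrives from
    a non-secure origin is discarded entirely, so a Secure deletion never happens.
    """
    jar = dict(jar)
    name_value, *attrs = [p.strip() for p in header.split(";")]
    name, _, value = name_value.partition("=")
    flags = {a.lower() for a in attrs if "=" not in a}
    kv = {k.strip().lower(): v.strip()
          for k, _, v in (a.partition("=") for a in attrs if "=" in a)}
    if "secure" in flags and not is_potentially_trustworthy(origin):
        return jar  # whole header ignored; jar unchanged
    if int(kv.get("max-age", "1")) <= 0:
        jar.pop(name, None)  # expired -> removed from the jar
    else:
        jar[name] = value
    return jar


def logout_result(origin: str, *, secure: bool = True) -> dict:
    """Cookie jar after /login then /logout against the given origin (constructed flow)."""
    # login sets the cookie without Secure, as the report's add_cookie(..., secure=False) does
    jar = apply_set_cookie({}, origin, "session=foobar; Path=/")
    return apply_set_cookie(jar, origin, deletion_header("session", secure=secure))


if __name__ == "__main__":
    # Constructed origins: 192.0.2.10 is a TEST-NET address standing in for YOUR_IP.
    cases = [
        ("http://192.0.2.10:4321/", True),   # the bug: Secure deletion ignored over HTTP
        ("http://192.0.2.10:4321/", False),  # the requested fix: secure=False works
        ("http://127.0.0.1:4321/", True),    # loopback is a secure context, bug hidden
        ("https://example.test/", True),     # HTTPS accepts Secure cookies
    ]
    for origin, secure in cases:
        state = "YES" if "session" in logout_result(origin, secure=secure) else "NO"
        print(f"{origin} secure={secure}: logged in: {state}")
```

Running it shows the cookie surviving the Secure deletion only for the plain-HTTP, non-loopback origin, which is exactly why the note about using the real IP address rather than 127.0.0.1 matters when reproducing the report.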

@xmcp xmcp added the bug label Jun 25, 2024
shaoerkuai commented:

Yes, if you submit a secure argument, Sanic will raise TypeError: delete_cookie() got an unexpected keyword argument 'secure'
