Tighten Quart response handling

Cr1stal · Cr1stal · commit 47207055eeb9 · 2026-06-01T00:10:30.000+12:00
diff --git a/examples/quart/async_app.py b/examples/quart/async_app.py
@@ -26,6 +26,7 @@ async def endpoint():
     api.run(host="0.0.0.0", port=int(os.environ.get("PORT", 3000)))
 
 
+# Requires Python 3.9+
 # pip install -r requirements.txt
 # export SLACK_SIGNING_SECRET=***
 # export SLACK_BOT_TOKEN=xoxb-***
diff --git a/examples/quart/async_oauth_app.py b/examples/quart/async_oauth_app.py
@@ -36,6 +36,7 @@ async def oauth_redirect():
     api.run(host="0.0.0.0", port=int(os.environ.get("PORT", 3000)))
 
 
+# Requires Python 3.9+
 # pip install -r requirements.txt
 
 # # -- OAuth flow -- #
diff --git a/examples/quart/requirements.txt b/examples/quart/requirements.txt
@@ -1 +1,2 @@
+# Requires Python 3.9+
 quart>=0.20,<1
diff --git a/slack_bolt/adapter/quart/async_handler.py b/slack_bolt/adapter/quart/async_handler.py
@@ -36,13 +36,14 @@ async def to_quart_response(bolt_resp: BoltResponse) -> Response:
 
     for cookie in bolt_resp.cookies():
         for name, c in cookie.items():
+            max_age = int(c["max-age"]) if c.get("max-age") else None
             resp.set_cookie(
                 key=name,
                 value=c.value,
-                max_age=c.get("max-age"),
-                expires=c.get("expires"),
-                path=c.get("path"),
-                domain=c.get("domain"),
+                max_age=max_age,
+                expires=c.get("expires") or None,
+                path=c.get("path") or None,
+                domain=c.get("domain") or None,
                 secure=True,
                 httponly=True,
             )
diff --git a/tests/adapter_tests_async/test_async_quart.py b/tests/adapter_tests_async/test_async_quart.py
@@ -8,6 +8,7 @@
 from slack_sdk.signature import SignatureVerifier
 from slack_sdk.web.async_client import AsyncWebClient
 
+from slack_bolt import BoltResponse
 from slack_bolt.app.async_app import AsyncApp
 from slack_bolt.oauth.async_oauth_settings import AsyncOAuthSettings
 from tests.mock_web_api_server import (
@@ -20,7 +21,7 @@
 pytestmark = pytest.mark.skipif(sys.version_info < (3, 9), reason="Quart requires Python 3.9+")
 
 if sys.version_info >= (3, 9):
-    from slack_bolt.adapter.quart.async_handler import AsyncSlackRequestHandler
+    from slack_bolt.adapter.quart.async_handler import AsyncSlackRequestHandler, to_quart_response
     from quart import Quart, request
 
 
@@ -275,6 +276,64 @@ async def test_url_verification(self):
         assert json.loads(await response.get_data(as_text=True)) == {"challenge": input["challenge"]}
         assert_auth_test_count(self, 0)
 
+    @pytest.mark.asyncio
+    async def test_to_quart_response_preserves_multi_value_headers_and_content_type(self):
+        api = Quart(__name__)
+        async with api.app_context():
+            response = await to_quart_response(
+                BoltResponse(
+                    status=201,
+                    body="created",
+                    headers={
+                        "content-type": "application/custom",
+                        "x-bolt-test": ["one", "two"],
+                    },
+                )
+            )
+
+        assert response.status_code == 201
+        assert await response.get_data(as_text=True) == "created"
+        assert response.headers.get("content-type") == "application/custom"
+        assert response.headers.getlist("x-bolt-test") == ["one", "two"]
+
+    @pytest.mark.asyncio
+    async def test_to_quart_response_preserves_cookie_attributes(self):
+        api = Quart(__name__)
+        async with api.app_context():
+            response = await to_quart_response(
+                BoltResponse(
+                    status=200,
+                    body="",
+                    headers={
+                        "set-cookie": [
+                            "session=abc; Max-Age=60; Path=/install; Domain=example.com",
+                            "bare=xyz",
+                        ],
+                    },
+                )
+            )
+
+        set_cookie_headers = response.headers.getlist("set-cookie")
+        assert len(set_cookie_headers) == 2
+
+        session_cookie = set_cookie_headers[0]
+        assert "session=abc" in session_cookie
+        assert "Domain=example.com" in session_cookie
+        assert "Max-Age=60" in session_cookie
+        assert "Path=/install" in session_cookie
+        assert "Secure" in session_cookie
+        assert "HttpOnly" in session_cookie
+        assert "Expires=;" not in session_cookie
+
+        bare_cookie = set_cookie_headers[1]
+        assert "bare=xyz" in bare_cookie
+        assert "Secure" in bare_cookie
+        assert "HttpOnly" in bare_cookie
+        assert "Domain=" not in bare_cookie
+        assert "Expires=" not in bare_cookie
+        assert "Max-Age=" not in bare_cookie
+        assert "Path=" not in bare_cookie
+
     @pytest.mark.asyncio
     async def test_not_found(self):
         app = self.build_app()

Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
	`1`	`+# Requires Python 3.9+`
`1`	`2`	`quart>=0.20,<1`