Skip to content

"SameSite" cookie feature (from issue #982) #983

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jul 14, 2017
Merged

"SameSite" cookie feature (from issue #982) #983

merged 4 commits into from
Jul 14, 2017

Conversation

provinzkraut
Copy link
Contributor

As mentioned in #982, set_cookie() does not support the "SameSite" cookie attribute.
This is because the http.cookies module doesn't support that either.
A reason for this isn't really given. It's just that the module was based on RFC 2109 which "SameSite" is not a part of.
In the python repository changes have been made and a pull request opened (python/cpython#214) so that http.cookies could eventually support "SameSite" natively in 3.7.

However, since this is future stuff it doesn't really make a difference for bottle at the moment and i've come to the conclusion that it would be feature that's nice to have.

So i've added this feature to bottle, and updated the docs.

It doesn't to much, i just import the _reserved dict in which valid attributes for cookies are stored,
set_cookie() now supports the keyword same_site and raises aCookieErrorif the value forsame_siteisn'tstrictorlax`.

This mimics petty much what the requested change for http.cookies in 3.7 would do.

@defnull defnull merged commit 160765c into bottlepy:master Jul 14, 2017
@defnull
Copy link
Member

defnull commented Jul 14, 2017

This is a reasonable workaround. Thanks :)

We just have to remember adding a feature-gate as soon as python supports this natively.

@provinzkraut provinzkraut deleted the samesite-cookie branch July 14, 2017 11:57
@provinzkraut
Copy link
Contributor Author

It was my pleasure.. (=

I'm watching the open pull request anyway, so i'll have that in mind if the time has come.

@stalkerg stalkerg mentioned this pull request Dec 11, 2019
Open
horatio-sans-serif pushed a commit to horatio-sans-serif/bottle that referenced this pull request Jul 28, 2025
@defnull
Merge pull request bottlepy#983 from provinzkraut/samesite-cookie
feb352f 
"SameSite" cookie feature (from issue bottlepy#982)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@provinzkraut @defnull
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy