
gh-136992: Add 'None' as valid SameSite value as per RFC6265bis #137040

Open
wants to merge 5 commits into
base: main

@iqra-codes iqra-codes commented Jul 23, 2025

This PR adds missing documentation for the samesite attribute in the http.cookies module.

While the attribute was already listed among valid Morsel attributes, it lacked an explanation. This change adds clear and complete documentation explaining:

- The attribute’s role in CSRF protection.
- The valid values: "Strict", "Lax", and "None".
- The requirement that "secure" must be set when using "SameSite=None".

This update brings the documentation in line with RFC6265bis and reflects current browser behaviour.


📚 Documentation preview 📚: https://cpython-previews--137040.org.readthedocs.build/
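
The rule summarised in the description above (SameSite takes "Strict", "Lax" or "None", and "None" needs Secure), checked with `http.cookies`. This is an added example, not part of the PR or of CPython; the function names and the sample header values are constructed for illustration.

```python
# Added example (not CPython code): audit SameSite on Set-Cookie values.
from http.cookies import SimpleCookie

# The three values the PR description lists as valid (compared case-insensitively).
VALID_SAMESITE = {"strict", "lax", "none"}


def audit_morsel(morsel):
    """Return a list of findings for one cookie's SameSite settings."""
    samesite = morsel["samesite"]
    if not samesite:
        return ["SameSite not set"]
    if samesite.lower() not in VALID_SAMESITE:
        return [f"invalid SameSite value {samesite!r}"]
    if samesite.lower() == "none" and not morsel["secure"]:
        return ["SameSite=None requires Secure"]
    return []


def audit_set_cookie(header_value):
    """Parse one Set-Cookie header value and audit every cookie in it."""
    jar = SimpleCookie()
    jar.load(header_value)
    return {name: audit_morsel(morsel) for name, morsel in jar.items()}


def build_cross_site_cookie(name, value):
    """Build a cookie for cross-site use: SameSite=None together with Secure."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["samesite"] = "None"
    jar[name]["secure"] = True
    return jar[name].OutputString()


# Constructed sample header values, not taken from any real application.
SAMPLES = [
    "sid=abc123; Path=/; SameSite=None",
    "sid=abc123; Path=/; SameSite=None; Secure",
    "sid=abc123; Path=/; SameSite=Sometimes; Secure",
    "sid=abc123; Path=/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit_set_cookie(sample))
    print(build_cross_site_cookie("sid", "abc123"))
```

`Morsel` stores whatever string is assigned to `samesite` without validating it, which is why the check is done separately here.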

python-cla-bot bot commented Jul 23, 2025

All commit authors signed the Contributor License Agreement.

@bedevere-app bedevere-app bot added awaiting review docs Documentation in the Doc dir skip news labels Jul 23, 2025
@github-project-automation github-project-automation bot moved this to Todo in Docs PRs Jul 23, 2025
@brianschubert brianschubert changed the title Doc: Add 'None' as valid SameSite value as per RFC6265bis gh-136992: Add 'None' as valid SameSite value as per RFC6265bis Jul 23, 2025
Member

@ZeroIntensity ZeroIntensity left a comment

The change looks good to me, but please run pre-commit to fix the failing lint job.

Member

@ZeroIntensity ZeroIntensity left a comment

LGTM.

For future reference, you don't need to force push; we squash at the end.

@iqra-codes
Author

Thanks for the heads-up! I’ll avoid force-pushing next time.

iqra-codes and others added 2 commits July 27, 2025 00:08
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
The attribute :attr:`partitioned` indicates to user agents that these
cross-site cookies *should* only be available in the same top-level context
that the cookie was first set in. For this to be accepted by the user agent,
you **must** also set ``Secure``.

Member

Well.. now we have three spaces here...

Author

Fixed unintended spaces in blank line.

Member

Once you're done with this line I'll merge (probably tomorrow)

Labels: awaiting merge, docs (Documentation in the Doc dir), needs backport to 3.13 (bugs and security fixes), needs backport to 3.14 (bugs and security fixes), skip news
Projects: Status: Todo
3 participants