From 034648c8c77fa43be8bb9158e5481a44c3bceb36 Mon Sep 17 00:00:00 2001 From: iqra-codes Date: Wed, 23 Jul 2025 03:21:54 +0530 Subject: [PATCH 1/7] Doc: Add 'None' as valid SameSite value as per RFC6265bis --- Doc/library/http.cookies.rst | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/Doc/library/http.cookies.rst b/Doc/library/http.cookies.rst index eb196320721194..ad5fd68e969bbc 100644 --- a/Doc/library/http.cookies.rst +++ b/Doc/library/http.cookies.rst @@ -148,9 +148,12 @@ Morsel Objects in HTTP requests, and is not accessible through JavaScript. This is intended to mitigate some forms of cross-site scripting. - The attribute :attr:`samesite` specifies that the browser is not allowed to - send the cookie along with cross-site requests. This helps to mitigate CSRF - attacks. Valid values for this attribute are "Strict" and "Lax". + The attribute :attr:`samesite` controls when the browser sends the cookie with + cross-site requests. This helps to mitigate CSRF attacks. Valid values are + "Strict" (never sent with cross-site requests), "Lax" (sent with top-level + navigation), and "None" (always sent). When using "None", the "secure" + attribute must also be set, as required by modern browsers per + `RFC6265bis `_. The attribute :attr:`partitioned` indicates to user agents that these cross-site cookies *should* only be available in the same top-level context From 5fa67f18a5c5ce4f6be7b8fdeaca244b5a4e912d Mon Sep 17 00:00:00 2001 From: iqra-codes Date: Fri, 25 Jul 2025 21:39:12 +0530 Subject: [PATCH 2/7] Doc: Remove reference to RFC6265bis from SameSite=None note --- Doc/library/http.cookies.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Doc/library/http.cookies.rst b/Doc/library/http.cookies.rst index ad5fd68e969bbc..d233c2a97b337e 100644 --- a/Doc/library/http.cookies.rst +++ b/Doc/library/http.cookies.rst 
@@ -152,8 +152,8 @@ Morsel Objects cross-site requests. This helps to mitigate CSRF attacks. Valid values are "Strict" (never sent with cross-site requests), "Lax" (sent with top-level navigation), and "None" (always sent). When using "None", the "secure" - attribute must also be set, as required by modern browsers per - `RFC6265bis `_. + attribute must also be set, as required by modern browsers. + The attribute :attr:`partitioned` indicates to user agents that these cross-site cookies *should* only be available in the same top-level context From 19ee8ccf75478d2e4485390d50bc4d575ea890ff Mon Sep 17 00:00:00 2001 From: Iqra Khan Date: Sun, 27 Jul 2025 00:08:27 +0530 Subject: [PATCH 3/7] Update Doc/library/http.cookies.rst MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com> --- Doc/library/http.cookies.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Doc/library/http.cookies.rst b/Doc/library/http.cookies.rst index d233c2a97b337e..cda52a34ef8f96 100644 --- a/Doc/library/http.cookies.rst +++ b/Doc/library/http.cookies.rst @@ -150,9 +150,10 @@ Morsel Objects The attribute :attr:`samesite` controls when the browser sends the cookie with cross-site requests. This helps to mitigate CSRF attacks. Valid values are - "Strict" (never sent with cross-site requests), "Lax" (sent with top-level - navigation), and "None" (always sent). When using "None", the "secure" - attribute must also be set, as required by modern browsers. + "Strict" (only sent with same-site requests), "Lax" (sent with same-site + requests and top-level navigations), and "None" (sent with same-site and + cross-site requests). When using "None", the "secure" attribute must also + be set, as required by modern browsers. The attribute :attr:`partitioned` indicates to user agents that these From 5d8ca29ffd716414465c77723747726a499b328b Mon Sep 17 00:00:00 2001 
From: iqra-codes Date: Sun, 27 Jul 2025 02:04:33 +0530 Subject: [PATCH 4/7] Doc: Update SameSite description to follow RFC wording --- Doc/library/http.cookies.rst | 2 -- 1 file changed, 2 deletions(-) diff --git a/Doc/library/http.cookies.rst b/Doc/library/http.cookies.rst index cda52a34ef8f96..3bc3be5747a93e 100644 --- a/Doc/library/http.cookies.rst +++ b/Doc/library/http.cookies.rst @@ -154,8 +154,6 @@ Morsel Objects requests and top-level navigations), and "None" (sent with same-site and cross-site requests). When using "None", the "secure" attribute must also be set, as required by modern browsers. - - The attribute :attr:`partitioned` indicates to user agents that these cross-site cookies *should* only be available in the same top-level context that the cookie was first set in. For this to be accepted by the user agent, From b2efceb912e74bd7d1ebb36bdcea5eb39e2779f4 Mon Sep 17 00:00:00 2001 From: iqra-codes Date: Sun, 27 Jul 2025 02:59:39 +0530 Subject: [PATCH 5/7] Doc: Ensure exactly one blank line after SameSite paragraph --- Doc/library/http.cookies.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Doc/library/http.cookies.rst b/Doc/library/http.cookies.rst index 3bc3be5747a93e..162473909077ae 100644 --- a/Doc/library/http.cookies.rst +++ b/Doc/library/http.cookies.rst @@ -154,11 +154,12 @@ Morsel Objects requests and top-level navigations), and "None" (sent with same-site and cross-site requests). When using "None", the "secure" attribute must also be set, as required by modern browsers. + The attribute :attr:`partitioned` indicates to user agents that these cross-site cookies *should* only be available in the same top-level context that the cookie was first set in. For this to be accepted by the user agent, you **must** also set ``Secure``. - + In addition, it is recommended to use the ``__Host`` prefix when setting partitioned cookies to make them bound to the hostname and not the registrable domain. Read 
From ccbcdd312e892ede10a7dafdbc3e477b1d202f62 Mon Sep 17 00:00:00 2001 From: iqra-codes Date: Sun, 27 Jul 2025 13:08:37 +0530 Subject: [PATCH 6/7] Doc: Remove extra whitespace from blank line after partitioned paragraph --- Doc/library/http.cookies.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Doc/library/http.cookies.rst b/Doc/library/http.cookies.rst index 162473909077ae..9fe4ccfb68c1d0 100644 --- a/Doc/library/http.cookies.rst +++ b/Doc/library/http.cookies.rst @@ -154,7 +154,7 @@ Morsel Objects requests and top-level navigations), and "None" (sent with same-site and cross-site requests). When using "None", the "secure" attribute must also be set, as required by modern browsers. - + The attribute :attr:`partitioned` indicates to user agents that these cross-site cookies *should* only be available in the same top-level context that the cookie was first set in. For this to be accepted by the user agent, From edb3a7f3c647e27ec3f37bc89302c0c609698797 Mon Sep 17 00:00:00 2001 From: iqra-codes Date: Sun, 27 Jul 2025 13:12:09 +0530 Subject: [PATCH 7/7] Doc: Remove extra whitespace from blank line after partitioned paragraph --- Doc/library/http.cookies.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Doc/library/http.cookies.rst b/Doc/library/http.cookies.rst index 9fe4ccfb68c1d0..46efc45c5e7d96 100644 --- a/Doc/library/http.cookies.rst +++ b/Doc/library/http.cookies.rst @@ -159,7 +159,7 @@ Morsel Objects cross-site cookies *should* only be available in the same top-level context that the cookie was first set in. For this to be accepted by the user agent, you **must** also set ``Secure``. - + In addition, it is recommended to use the ``__Host`` prefix when setting partitioned cookies to make them bound to the hostname and not the registrable domain. Read pFad - Phonifier reborn
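
Review bot: In [PATCH 1/7], the new samesite paragraph writes the values and the attribute name as plain quoted text ("Strict", "Lax", "None", "secure"), while the partitioned paragraph that follows it (visible in the context of [PATCH 5/7]) marks up the attribute as ``Secure``. Use the same literal markup in both paragraphs so they read consistently. The parentheticals "sent with top-level navigation" and "always sent" also leave out the same-site case; say explicitly which requests each value covers.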
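
Review bot: In [PATCH 2/7], removing the RFC6265bis reference leaves "as required by modern browsers" as the only justification for the secure requirement, with nothing the reader can check. Either keep a reference or state the consequence the way the partitioned paragraph does ("For this to be accepted by the user agent, you **must** also set ``Secure``"). The hunk also replaces the removed link line with an empty `+` line, which leaves two consecutive blank lines before the partitioned paragraph (the two that [PATCH 4/7] later deletes); drop that added blank line here.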
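
Review bot: In [PATCH 3/7], "This helps to mitigate CSRF attacks" sits directly before a value list that includes "None", which the same paragraph describes as "sent with same-site and cross-site requests", so the mitigation claim only holds for "Strict" and "Lax". Tie the claim to those two values, or add that "None" gives no such protection, so a reader does not pick "None" expecting CSRF mitigation.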
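
Review bot: In [PATCH 4/7], the subject says "Update SameSite description to follow RFC wording" but the hunk changes no wording: its only changes are the two deleted blank lines between "be set, as required by modern browsers." and "The attribute :attr:`partitioned`". With both removed, no blank line separates the two paragraphs, so reStructuredText will run them together, which [PATCH 5/7] then has to undo. Delete only one of the two blank lines and retitle the commit to describe the whitespace change.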
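
Review bot: In [PATCH 6/7], the subject names the blank line "after partitioned paragraph", but the hunk's `-`/`+` pair is the blank line before "The attribute :attr:`partitioned`", that is, the one after the SameSite paragraph; [PATCH 7/7] carries the identical subject and touches the line after "you **must** also set ``Secure``." instead. Going by their subjects, both only strip whitespace from blank lines that [PATCH 5/7] wrote, so squash patches 5 to 7 into one commit and give it a subject that names both blank lines.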
