Skip to content

bpo-29613: Added support for SameSite cookies #6413

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
alex merged 11 commits into from
Apr 7, 2018
Merged

bpo-29613: Added support for SameSite cookies #6413

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
89c0821
bpo-29613: Added support for SameSite cookies
akash0x53 Feb 21, 2017
3f1b130
Documented SameSite
akash0x53 Feb 21, 2017
7d69cd9
Missing space :(
akash0x53 Feb 21, 2017
b585315
Updated News and contributors
akash0x53 Feb 21, 2017
81446f6
Added version changed details.
akash0x53 Feb 22, 2017
21d0bda
Fix in documentation
akash0x53 Feb 22, 2017
cc06dd1
fix in documentation
akash0x53 Feb 22, 2017
dc750c3
Clubbed test cases for same attribute into single.
akash0x53 Feb 22, 2017
d496c01
Updates
alex Apr 7, 2018
dcd0afa
Style nits + expand tests
alex Apr 7, 2018
9259d2e
review feedback
alex Apr 7, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
review feedback
  • Loading branch information
@alex
alex committed Apr 7, 2018
commit 9259d2e401b6ed17ba7361897ff2dd0e18c23929
9 changes: 4 additions & 5 deletions Doc/library/http.cookies.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -143,10 +143,9 @@ Morsel Objects
in HTTP requests, and is not accessible through JavaScript. This is intended
to mitigate some forms of cross-site scripting.

The attribute :attr:`samesite` specifies that browser is not allowed to send the
cookie along with cross-site requests. This help to mitigate CSRF attacks. Valid
values for this attribute are "Strict" and "Lax".

The attribute :attr:`samesite` specifies that the browser is not allowed to
send the cookie along with cross-site requests. This helps to mitigate CSRF
attacks. Valid values for this attribute are "Strict" and "Lax".

The keys are case-insensitive and their default value is ``''``.

Expand All @@ -160,7 +159,7 @@ Morsel Objects
setting them.

.. versionchanged:: 3.8
Added support for :attr:`samesite` attribute.
Added support for the :attr:`samesite` attribute.


.. attribute:: Morsel.value
Expand Down
2 changes: 1 addition & 1 deletion Lib/test/test_http_cookies.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,7 @@ def test_set_secure_httponly_attrs(self):
'Set-Cookie: Customer="WILE_E_COYOTE"; HttpOnly; Secure')

def test_samesite_attrs(self):
samesite_values = ['Strict', 'Lax']
samesite_values = ['Strict', 'Lax', 'strict', 'lax']
for val in samesite_values:
with self.subTest(val=val):
C = cookies.SimpleCookie('Customer="WILE_E_COYOTE"')
Expand Down