forked from tornadoweb/tornado
Commit
Move from the python standard library to a parsing function copied from Django. This parser more closely matches browser behavior.

The primary motivation is that differences between server-side and browser cookie parsing can lead to an XSRF bypass, as in https://hackerone.com/reports/26647.

A secondary benefit is that this makes it possible to work with cookie headers containing cookies that are invalid according to the spec, which is a surprisingly common request.

Closes tornadoweb#1851
Closes tornadoweb#633
Closes tornadoweb#1434
Closes tornadoweb#1176
Showing 3 changed files with 144 additions and 6 deletions.
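The parsing difference the commit message describes can be seen by running a strict and a browser-like parser over the same `Cookie` header and listing where they disagree. This is an added example, not code from this commit, Tornado or Django: the function names and sample headers are hypothetical, and the lenient parser follows the general split-on-`;` approach (it borrows `_unquote`, a private helper of `http.cookies`).

```python
from http.cookies import CookieError, SimpleCookie, _unquote


def parse_cookie_lenient(header):
    """Browser-like parse: split on ';', then on the first '=' only."""
    cookies = {}
    for chunk in header.split(";"):
        if "=" in chunk:
            name, value = chunk.split("=", 1)
        else:
            # A chunk with no '=' is kept as a value with an empty name.
            name, value = "", chunk
        name, value = name.strip(), value.strip()
        if name or value:
            # _unquote is private to http.cookies (assumption: still present).
            cookies[name] = _unquote(value)
    return cookies


def parse_cookie_stdlib(header):
    """Strict parse with the standard library's SimpleCookie."""
    jar = SimpleCookie()
    try:
        jar.load(header)
    except CookieError:
        return {}
    return {name: morsel.value for name, morsel in jar.items()}


def parser_disagreement(header):
    """Cookie names whose presence or value differs between the parsers."""
    lenient = parse_cookie_lenient(header)
    strict = parse_cookie_stdlib(header)
    names = lenient.keys() | strict.keys()
    return sorted(n for n in names if lenient.get(n) != strict.get(n))


# Constructed sample headers (not taken from the commit or the report).
VALID = "session=abc123; theme=dark"
MALFORMED = "session=abc123; bad[name=x; flag; _xsrf=tok42"

if __name__ == "__main__":
    for header in (VALID, MALFORMED):
        print(repr(header))
        print("  lenient:", parse_cookie_lenient(header))
        print("  stdlib :", parse_cookie_stdlib(header))
        print("  differ :", parser_disagreement(header))
```

A non-empty result from `parser_disagreement` means the server-side view of the cookies depends on which parser is in use, which is the condition the commit sets out to remove.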