Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow configuring or disabling max cookie size check #1109

Merged
merged 3 commits into from
Apr 18, 2017
Merged

Allow configuring or disabling max cookie size check #1109

merged 3 commits into from
Apr 18, 2017

Conversation

davidism
Copy link
Member

Continue #780

  • use arg instead of const for dump_cookie max_size
  • add max_cookie_size attr to BaseResponse
  • add changelog

@davidism davidism self-assigned this Apr 18, 2017
@davidism
use arg instead of const for dump_cookie max_size
d044aa4 
add max_cookie_size attr to BaseResponse
add changelog for #780
untitaker
untitaker reviewed Apr 18, 2017
View reviewed changes
werkzeug/wrappers.py
@@ -1072,15 +1083,11 @@ def set_cookie(self, key, value='', max_age=None, expires=None,
extension to the cookie standard and probably not
supported by all browsers.
"""
self.headers.add('Set-Cookie', dump_cookie(key,
value=value,

This comment was marked as off-topic.

Sign in to view

@untitaker
Copy link
Contributor

LGTM, might need a testcase for custom values though

@davidism
Copy link
Member Author

The error is slightly confusing because you can pass 4093 bytes as the value and still get the error, since the options are added to the payload. I don't think we need to change it, just pointing it out.

@untitaker
Copy link
Contributor

untitaker commented Apr 18, 2017 via email

@davidism
Copy link
Member Author

Maybe this should be a warning? Could use a filter to turn it into an error in Flask debug mode.

@davidism
Copy link
Member Author

davidism commented Apr 18, 2017
edited
Loading

How about detecting the before and after version, then warning

The "{key}" cookie is too large: the value was {value_size} bytes but encoding the header required {header_size - value_size} extra bytes. The final size was {header_size} but the limit is {max} bytes. Browsers may silently ignore cookies larger than this.

@untitaker
Copy link
Contributor

untitaker commented Apr 18, 2017 via email

@davidism davidism merged commit fbfa21e into pallets:master Apr 18, 2017
@davidism davidism mentioned this pull request Apr 18, 2017
Merged
@davidism davidism deleted the max-cookie-size branch April 18, 2017 18:25
@Jaza
Copy link
Contributor

Jaza commented Apr 19, 2017

Thanks @davidism for making this configurable, there should be need to override the limit of 4k per cookie in most cases, but yes, some people might want to change it.

@davidism davidism added this to the 0.13 milestone Dec 5, 2017
This was referenced Dec 7, 2017
Closed
Merged
Merged
Closed
Merged
Closed
Merged
Merged
Merged
Closed
Merged
Closed
This was referenced Jan 5, 2018
Closed
Open
Closed
Open
Closed
Merged
Open
Closed
Closed
Closed
Closed
Closed
Open
This was referenced Jan 15, 2018
Closed
Closed
@pyup-bot pyup-bot mentioned this pull request Jan 22, 2018
Closed
This was referenced Jan 29, 2018
Closed
Closed
This was referenced Feb 5, 2018
Closed
Closed
Closed
Closed
This was referenced Feb 13, 2018
Closed
Closed
Closed
This was referenced Feb 26, 2018
Closed
Closed
@pyup-bot pyup-bot mentioned this pull request Mar 5, 2018
Closed
@davidism davidism mentioned this pull request Apr 10, 2018
Merged
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 13, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@untitaker untitaker untitaker left review comments

Assignees

@davidism davidism

Labels
None yet
Projects
None yet
Milestone
0.13
Development

Successfully merging this pull request may close these issues.
3 participants
@davidism @untitaker @Jaza