Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bugfix accept additional attributes to the delete cookie #1889

Merged
merged 1 commit into from Oct 14, 2020
Merged

Bugfix accept additional attributes to the delete cookie #1889

merged 1 commit into from Oct 14, 2020

Conversation

pgjones
Copy link
Member

@pgjones pgjones commented Jul 14, 2020

Recent browser changes mean that cookies will not be set if they have
the wrong combination of attributes e.g. SameSite none and not
secure. This also affects deletion which itself is a set cookie
command.

Only the SameSite and secure attributes are required, however it seems
more useful to accept all the possibilities for other edge cases.

See also https://chromestatus.com/feature/5633521622188032

See also https://www.thinktecture.com/en/identity/samesite/how-to-delete-samesite-cookies/

@davidism davidism added this to the 2.0.0 milestone Jul 17, 2020
@pgjones pgjones mentioned this pull request Aug 10, 2020
Merged
@darcatron
Copy link

Thoughts on updating the test server's method in this PR as well?

werkzeug/src/werkzeug/test.py

Line 886 in b45ac05

def delete_cookie(self, server_name, key, path="/", domain=None):

The changes to the test server should be identical so it'll be cleaner all together rather than separate PRs.

These changes look good to me and are necessary for pallets/flask#3726.

@pgjones
Copy link
Member Author

pgjones commented Oct 7, 2020

@darcatron thanks, I've done so.

@pgjones pgjones requested a review from davidism October 7, 2020 17:16
davidism
davidism reviewed Oct 7, 2020
View reviewed changes
Copy link
Member

@davidism davidism left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs a changelog, otherwise looks fine.

src/werkzeug/wrappers/base_response.py Outdated Show resolved Hide resolved
@pgjones pgjones requested a review from davidism October 7, 2020 17:25
@pgjones @davidism
match delete_cookie arguments with set_cookie
7483127 
Recent browser changes mean that cookies will not be set if they have
the wrong combination of attributes e.g. SameSite none and not
secure. This also affects deletion which itself is a set cookie
command.

Only the SameSite and secure attributes are required, however it seems
more useful to accept all the possibilities for other edge cases.

See also https://chromestatus.com/feature/5633521622188032
@davidism davidism merged commit 99790b8 into pallets:master Oct 14, 2020
@pgjones
Copy link
Member Author

pgjones commented Oct 14, 2020

Thanks 🎉

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 13, 2020
@pgjones pgjones deleted the delete_cookie branch June 11, 2022 09:50
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@teymour-aldridge teymour-aldridge teymour-aldridge left review comments

@davidism davidism davidism approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.0.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@pgjones @darcatron @davidism @teymour-aldridge