-
-
Notifications
You must be signed in to change notification settings - Fork 31.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add httponly to Cookie module #44486
Comments
Add the Microsoft extension httponly to the |
The documentation change should say what the attribute does. (It requests the the cookie be hidden from javascript, and available only to http requests.) |
Sure, I have added some documentation to the patch. File Added: python.diff |
This is backwards-incompatible, no? The behaviour of Morsel.set() changes (disallowing key="httponly") hence the behaviour of BaseCookie.__setitem__ changes. Do you have a use case? |
Anybody who sets a cookie with key="httponly" is likely in trouble. I don't Use case: I would like to use the httponly attribute in Django. I think it's |
I see. That sounds reasonable, but I won't comment on whether it should be applied since this part of module Cookie didn't really make sense to me in the first place (I explain why in my comment of 2006-12-03 16:49 in http://python.org/sf/1372650). |
Maybe you are right about the cookie module. I'm not so much into that. But I just read that Firefox 3.0 Alpha 3 finally has support for the httponly attribute (see http://www.mozilla.org/projects/firefox/3.0a3/releasenotes/) so I think it's time that Python will also have the support. |
Any word on this? I've tested the patch and it works. I'd like to use this in a Pylons application. |
Any progress on this? This patch is extremely straightforward (only The HttpOnly extension to cookies is now supported by IE, Firefox 3.0, This article explains why HttpOnly is a good way to make cross-site http://www.codinghorror.com/blog/archives/001167.htmllop I'd really like to see this patch applied to Cookie.py. |
Well, I'm sorry but this a feature request and must be delayed for (as for the patch, it would be nice if it added an unit test for the new |
To be honest, I don't see any harm in adding this now, especially since |
Well, if it's to be added then the patch should be updated to use reST. |
I have updated the diff to use reST for the docs. I removed the link to I did not add any tests for the new feature as Antoine Pitrou requested, |
The patch looks good to me and I will apply it soon if there are not Rewriting of Cookie's tests should probably be another issue. |
Ok. Applied in r66262. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: