From 2a2310387409f8190fa834efe730f2df948e29f0 Mon Sep 17 00:00:00 2001 From: raylu Date: Fri, 13 Jan 2017 13:46:41 -0800 Subject: [PATCH] default cookie path to / the behavior of set-cookie with no path is surprising: https://tools.ietf.org/html/rfc6265#section-4.1.2.4 many other frameworks that aren't called bottlepy do this too: https://github.com/pallets/werkzeug/blob/760a4a95375d1d404b516fd89c2f5dd5c15cf419/werkzeug/wrappers.py#L1034 https://github.com/tornadoweb/tornado/blob/38e493ed4a55e424e5485bd3ffc3c6ccb8a71843/tornado/web.py#L529 https://github.com/cherrypy/cherrypy/blob/2c00069684e3973a79ae6c2ed0433dae8e813602/cherrypy/lib/sessions.py#L856 https://github.com/django/django/blob/544b2ef29f0f2577912f88cf746ae0ca5877b5f8/django/http/response.py#L176 --- pigwig/request_response.py | 2 +- pigwig/tests/test_request_response.py | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/pigwig/request_response.py b/pigwig/request_response.py index b399387..0a38d25 100644 --- a/pigwig/request_response.py +++ b/pigwig/request_response.py @@ -108,7 +108,7 @@ def __init__(self, body=None, code=200, content_type='text/plain', location=None headers.extend(extra_headers) self.headers = headers - def set_cookie(self, key, value, domain=None, path=None, expires=None, max_age=None, secure=False, http_only=False): + def set_cookie(self, key, value, domain=None, path='/', expires=None, max_age=None, secure=False, http_only=False): ''' adds a Set-Cookie header diff --git a/pigwig/tests/test_request_response.py b/pigwig/tests/test_request_response.py index 8abe00d..e5106b9 100644 --- a/pigwig/tests/test_request_response.py +++ b/pigwig/tests/test_request_response.py @@ -22,6 +22,23 @@ def test_json(self): self.assertGreater(len(chunks), 1) self.assertEqual(b''.join(chunks), json.dumps(big_obj).encode()) + def test_cookie(self): + app = PigWig([]) + r = Response() + r.set_cookie('cow', 'moo') + r.set_cookie('duck', 'quack', path='/pond') + + cookies = http.cookies.SimpleCookie() + for header, value in r.headers: + if header == 'Set-Cookie': + cookies.load(value) + + req = Request(app, None, None, None, None, None, cookies, None) + self.assertEqual(req.cookies['cow'].value, 'moo') + self.assertEqual(req.cookies['cow']['path'], '/') + self.assertEqual(req.cookies['duck'].value, 'quack') + self.assertEqual(req.cookies['duck']['path'], '/pond') + def test_secure_cookie(self): app = PigWig([], cookie_secret=b'a|b') req = Request(app, None, None, None, None, None, None, None)