Thanks to visit codestin.com
Credit goes to github.com

Skip to content

bpo-29613: Added support for SameSite cookies #6413

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
alex merged 11 commits into from
Apr 7, 2018
Merged

bpo-29613: Added support for SameSite cookies #6413

alex merged 11 commits into from
Apr 7, 2018

Conversation

@alex
Copy link
Member

@alex alex commented Apr 7, 2018
edited by bedevere-bot
Loading

This is a rebase of #214.

Closes #214

https://bugs.python.org/issue29613

@alex alex requested a review from dstufft April 7, 2018 17:58
@alex alex mentioned this pull request Apr 7, 2018
Closed
timgraham
timgraham reviewed Apr 7, 2018
View reviewed changes
Doc/library/http.cookies.rst Outdated
setting them.

.. versionchanged:: 3.8
Added support for :attr:`samesite` attribute.
Copy link
Contributor

@timgraham timgraham Apr 7, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for the

Doc/library/http.cookies.rst Outdated
in HTTP requests, and is not accessible through JavaScript. This is intended
to mitigate some forms of cross-site scripting.

The attribute :attr:`samesite` specifies that browser is not allowed to send the
Copy link
Contributor

@timgraham timgraham Apr 7, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"the browser"

Doc/library/http.cookies.rst Outdated
to mitigate some forms of cross-site scripting.

The attribute :attr:`samesite` specifies that browser is not allowed to send the
cookie along with cross-site requests. This help to mitigate CSRF attacks. Valid
Copy link
Contributor

@timgraham timgraham Apr 7, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

help -> helps

Lib/test/test_http_cookies.py Outdated
'Set-Cookie: Customer="WILE_E_COYOTE"; HttpOnly; Secure')

def test_samesite_attrs(self):
samesite_values = ['Strict', 'Lax']
Copy link
Contributor

@timgraham timgraham Apr 7, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might add tests for 'strict' and 'lax' as the values are case-insensitive from what I read.

@alex
Copy link
Member Author

alex commented Apr 7, 2018

Thanks! Feedback addressed

@alex alex merged commit c87eb09 into python:master Apr 7, 2018
@alex alex deleted the samesite-cookies branch April 7, 2018 20:09
@alex
Copy link
Member Author

alex commented Apr 7, 2018

@akash0x53 I would encourage you to apply for a Google Patch Reward for your work on this: https://www.google.com/about/appsecurity/patch-rewards/

@Changaco Changaco mentioned this pull request Jun 5, 2018
Merged
@minrk minrk mentioned this pull request Jan 18, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dstufft dstufft dstufft approved these changes

+1 more reviewer

@timgraham timgraham timgraham left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@alex @dstufft @timgraham @the-knights-who-say-ni @bedevere-bot @akash0x53