[Patches] [ python-Patches-1638033 ] Add httponly to Cookie module
SourceForge.net
noreply at sourceforge.net
Tue Jan 30 19:45:13 CET 2007
Patches item #1638033, was opened at 2007-01-17 21:07
Message generated for change (Comment added) made by arvins
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1638033&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Library (Lib)
Group: Python 2.6
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Arvin Schnell (arvins)
Assigned to: Nobody/Anonymous (nobody)
Summary: Add httponly to Cookie module
Initial Comment:
Add the Microsoft extension httponly to the
Cookie module.
----------------------------------------------------------------------
>Comment By: Arvin Schnell (arvins)
Date: 2007-01-30 19:45
Message:
Logged In: YES
user_id=698939
Originator: YES
Anybody who sets a cookie with key="httponly" is likely in trouble. I
don't
know and can't check how the IE behaves in that case. But disallowing
this use
shouldn't hurt.
Use case: I would like to use the httponly attribute in Django. I think
it's
also useful for other web-frameworks.
----------------------------------------------------------------------
Comment By: John J Lee (jjlee)
Date: 2007-01-30 01:52
Message:
Logged In: YES
user_id=261020
Originator: NO
This is backwards-incompatible, no? The behaviour of Morsel.set() changes
(disallowing key="httponly") hence the behaviour of BaseCookie.__setitem__
changes.
Do you have a use case?
----------------------------------------------------------------------
Comment By: Arvin Schnell (arvins)
Date: 2007-01-19 18:01
Message:
Logged In: YES
user_id=698939
Originator: YES
Sure, I have added some documentation to the patch.
File Added: python.diff
----------------------------------------------------------------------
Comment By: Jim Jewett (jimjjewett)
Date: 2007-01-19 16:06
Message:
Logged In: YES
user_id=764593
Originator: NO
The documentation change should say what the attribute does. (It requests
the the cookie be hidden from javascript, and available only to http
requests.)
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1638033&group_id=5470
More information about the Patches
mailing list