[Patches] [ python-Patches-1638033 ] Add httponly to Cookie module
SourceForge.net
noreply at sourceforge.net
Sun Aug 5 21:42:54 CEST 2007
Patches item #1638033, was opened at 2007-01-17 22:07
Message generated for change (Comment added) made by adalx
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1638033&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Library (Lib)
Group: Python 2.6
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Arvin Schnell (arvins)
Assigned to: Nobody/Anonymous (nobody)
Summary: Add httponly to Cookie module
Initial Comment:
Add the Microsoft extension httponly to the
Cookie module.
----------------------------------------------------------------------
Comment By: Adal Chiriliuc (adalx)
Date: 2007-08-05 22:42
Message:
Logged In: YES
user_id=1067739
Originator: NO
Any word on this? I've tested the patch and it works. I'd like to use this
in a Pylons application.
----------------------------------------------------------------------
Comment By: Arvin Schnell (arvins)
Date: 2007-03-24 21:13
Message:
Logged In: YES
user_id=698939
Originator: YES
Maybe you are right about the cookie module. I'm not so much into that.
But I just read that Firefox 3.0 Alpha 3 finally has support for the
httponly attribute (see
http://www.mozilla.org/projects/firefox/3.0a3/releasenotes/) so I think
it's time that Python will also have the support.
----------------------------------------------------------------------
Comment By: John J Lee (jjlee)
Date: 2007-02-01 01:17
Message:
Logged In: YES
user_id=261020
Originator: NO
I see. That sounds reasonable, but I won't comment on whether it should
be applied since this part of module Cookie didn't really make sense to me
in the first place (I explain why in my comment of 2006-12-03 16:49 in
http://python.org/sf/1372650).
----------------------------------------------------------------------
Comment By: Arvin Schnell (arvins)
Date: 2007-01-30 20:45
Message:
Logged In: YES
user_id=698939
Originator: YES
Anybody who sets a cookie with key="httponly" is likely in trouble. I
don't
know and can't check how the IE behaves in that case. But disallowing
this use
shouldn't hurt.
Use case: I would like to use the httponly attribute in Django. I think
it's
also useful for other web-frameworks.
----------------------------------------------------------------------
Comment By: John J Lee (jjlee)
Date: 2007-01-30 02:52
Message:
Logged In: YES
user_id=261020
Originator: NO
This is backwards-incompatible, no? The behaviour of Morsel.set() changes
(disallowing key="httponly") hence the behaviour of BaseCookie.__setitem__
changes.
Do you have a use case?
----------------------------------------------------------------------
Comment By: Arvin Schnell (arvins)
Date: 2007-01-19 19:01
Message:
Logged In: YES
user_id=698939
Originator: YES
Sure, I have added some documentation to the patch.
File Added: python.diff
----------------------------------------------------------------------
Comment By: Jim Jewett (jimjjewett)
Date: 2007-01-19 17:06
Message:
Logged In: YES
user_id=764593
Originator: NO
The documentation change should say what the attribute does. (It requests
the the cookie be hidden from javascript, and available only to http
requests.)
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1638033&group_id=5470
More information about the Patches
mailing list