Skip to content

"SameSite" cookie feature (from issue #982) #983

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
defnull merged 4 commits into from
Jul 14, 2017
Merged

"SameSite" cookie feature (from issue #982) #983

defnull merged 4 commits into from
Jul 14, 2017

Conversation

@provinzkraut
Copy link
Contributor

@provinzkraut provinzkraut commented Jul 13, 2017

As mentioned in #982, set_cookie() does not support the "SameSite" cookie attribute.
This is because the http.cookies module doesn't support that either.
A reason for this isn't really given. It's just that the module was based on RFC 2109 which "SameSite" is not a part of.
In the python repository changes have been made and a pull request opened (python/cpython#214) so that http.cookies could eventually support "SameSite" natively in 3.7.

However, since this is future stuff it doesn't really make a difference for bottle at the moment and i've come to the conclusion that it would be feature that's nice to have.

So i've added this feature to bottle, and updated the docs.

It doesn't to much, i just import the _reserved dict in which valid attributes for cookies are stored,
set_cookie() now supports the keyword same_site and raises aCookieErrorif the value forsame_siteisn'tstrictorlax`.

This mimics petty much what the requested change for http.cookies in 3.7 would do.

@defnull defnull merged commit 160765c into bottlepy:master Jul 14, 2017
@defnull
Copy link
Member

defnull commented Jul 14, 2017

This is a reasonable workaround. Thanks :)

We just have to remember adding a feature-gate as soon as python supports this natively.

@provinzkraut provinzkraut deleted the samesite-cookie branch July 14, 2017 11:57
@provinzkraut
Copy link
Contributor Author

provinzkraut commented Jul 14, 2017

It was my pleasure.. (=

I'm watching the open pull request anyway, so i'll have that in mind if the time has come.

@stalkerg stalkerg mentioned this pull request Dec 11, 2019
Open
horatio-sans-serif pushed a commit to horatio-sans-serif/bottle that referenced this pull request Jul 28, 2025
@defnull
Merge pull request bottlepy#983 from provinzkraut/samesite-cookie
feb352f 
"SameSite" cookie feature (from issue bottlepy#982)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@provinzkraut @defnull