8000 Added support for SameSite cookies. by akash0x53 · Pull Request #409 · webpy/webpy · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Added support for SameSite cookies. #409

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 4 commits into from
Closed

Added support for SameSite cookies. #409

wants to merge 4 commits into from

Conversation

akash0x53
Copy link
Contributor
@akash0x53 akash0x53 commented Feb 21, 2017
edited
Loading

Good to mitigate against CSRF attacks. SameSite cookies are mentioned
in draft https://tools.ietf.org/html/draft-west-first-party-cookies-07

Fix for issue #410

@akash0x53
Copy link
Contributor Author

@anandology Please review & comment.

@anandology
Copy link
Member

@akash0x53 Did you notice my comment about string concatenation?

@akash0x53
Copy link
Contributor Author
akash0x53 commented Feb 27, 2017
edited
Loading

Nope. I can guess comment should be about this value += '; SameSite=' + samesite. Will use placeholder

akash0x53
akash0x53 commented Mar 3, 2017
View reviewed changes
web/webapi.py
morsel["httponly"] = True
value = morsel.OutputString()
if samesite and samesite.lower() in ['strict', 'lax']:
samesite_attr = "; SameSite=%s" % samesite
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to go? @anandology

@akash0x53
Copy link
Contributor Author

SameSite support PR open for Django too.
https://github.com/django/django/pull/8380/files

@akash0x53
Copy link
Contributor Author

Any update on this PR?

@jzellman
Copy link
Contributor

👍 Looks good to me, @akash0x53 maybe squash down to a single commit?

@iredmail iredmail mentioned this pull request Sep 16, 2019
Merged
iredmail added a commit that referenced this pull request Sep 16, 2019
@iredmail
Remove legacy code and improve cookie support (#527)
651ea42 
* Remove py2.3 support.
* Replace `attr in obj.keys()` by `attr in obj`.
* Set default cookie expire time to session timeout.
* Add support for SameSite cookie.

Fixes #521
Fixes #61 #99 #337
Fixes #409 #410
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@akash0x53 @anandology @jzellman
0