bpo-29613: Added support for SameSite cookies by alex · Pull Request #6413 · python/cpython
| setting them. | ||
|
|
||
| .. versionchanged:: 3.8 | ||
| Added support for :attr:`samesite` attribute. |
for the
| in HTTP requests, and is not accessible through JavaScript. This is intended | ||
| to mitigate some forms of cross-site scripting. | ||
|
|
||
| The attribute :attr:`samesite` specifies that browser is not allowed to send the |
"the browser"
| to mitigate some forms of cross-site scripting. | ||
|
|
||
| The attribute :attr:`samesite` specifies that browser is not allowed to send the | ||
| cookie along with cross-site requests. This help to mitigate CSRF attacks. Valid |
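Review bot: the added sentence "specifies that browser is not allowed to send the cookie along with cross-site requests" is stated as an absolute, which matches Strict only; with Lax the browser still sends the cookie on top-level cross-site navigations that use a safe method such as GET. Suggest wording it as restricting when the cookie is sent with cross-site requests, and describing the difference between the two values next to the "Valid" values sentence that begins at the end of this hunk.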
help -> helps
| 'Set-Cookie: Customer="WILE_E_COYOTE"; HttpOnly; Secure') | ||
|
|
||
| def test_samesite_attrs(self): | ||
| samesite_values = ['Strict', 'Lax'] |
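Review bot: `samesite_values = ['Strict', 'Lax']` in test_samesite_attrs covers only the two expected spellings, so nothing here pins down what the module does with a value outside that set. Add a case with an unexpected value and assert whichever behaviour is intended (passed through unchanged, or rejected), so the choice is deliberate and documented.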
Might add tests for 'strict' and 'lax' as the values are case-insensitive from what I read.
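An added example, not code from this pull request: setting the attribute through `http.cookies` on Python 3.8 or later, then auditing a `Set-Cookie` value with the case-insensitive comparison the comment above mentions. The cookie name `sid` and both helper functions are hypothetical, and the sample header values are constructed.

```python
from http.cookies import SimpleCookie

# The two values exercised by the test under review, compared
# case-insensitively in this example.
KNOWN_SAMESITE = {"strict", "lax"}


def build_session_cookie(value, samesite="Strict"):
    """Return a Set-Cookie header value for a hypothetical 'sid' cookie."""
    cookie = SimpleCookie()
    cookie["sid"] = value
    cookie["sid"]["httponly"] = True
    cookie["sid"]["secure"] = True
    cookie["sid"]["samesite"] = samesite  # attribute key added in Python 3.8
    return cookie["sid"].OutputString()


def audit_set_cookie(header_value):
    """Parse one Set-Cookie value and list missing or unknown protections."""
    parsed = SimpleCookie()
    parsed.load(header_value)
    findings = []
    for name, morsel in parsed.items():
        samesite = morsel["samesite"]
        if not samesite:
            findings.append((name, "SameSite missing"))
        elif samesite.lower() not in KNOWN_SAMESITE:
            findings.append((name, "SameSite value not recognised: " + samesite))
        if not morsel["httponly"]:
            findings.append((name, "HttpOnly missing"))
        if not morsel["secure"]:
            findings.append((name, "Secure missing"))
    return findings


if __name__ == "__main__":
    print(build_session_cookie("abc123"))
    print(audit_set_cookie("sid=abc123; HttpOnly"))
```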
alex deleted the samesite-cookies branch