Added support for SameSite cookies. by akash0x53 · Pull Request #409

Added support for SameSite cookies. by akash0x53 · Pull Request #409 · webpy/webpy

Closed

akash0x53 wants to merge 4 commits intowebpy:masterfrom

akash0x53:cookie-fixes

Closed

Added support for SameSite cookies.#409
akash0x53 wants to merge 4 commits intowebpy:masterfrom
akash0x53:cookie-fixes

Conversation

Copy link Copy Markdown

Contributor

akash0x53 commented
Feb 21, 2017
•

edited

Loading

Good to mitigate against CSRF attacks. SameSite cookies are mentioned
in draft https://tools.ietf.org/html/draft-west-first-party-cookies-07

Fix for issue #410

Copy link Copy Markdown

Contributor Author

akash0x53 commented
Feb 25, 2017

@anandology Please review & comment.

Copy link Copy Markdown

Member

anandology commented
Feb 27, 2017

@akash0x53 Did you notice my comment about string concatenation?

Copy link Copy Markdown

Contributor Author

akash0x53 commented
Feb 27, 2017
•

edited

Loading

Nope. I can guess comment should be about this value += '; SameSite=' + samesite. Will use placeholder

akash0x53 added 4 commits

February 28, 2017 21:51

Added support for SameSite cookies.

848b786

Good to mitigate against CSRF attacks. `SameSite` cookies are mentioned
in draft https://tools.ietf.org/html/draft-west-first-party-cookies-07

basestring not there in Py3

2823e52

Following Good practice

9666145

Improvement in concatenation

61053e8

akash0x53 force-pushed the cookie-fixes branch from 6508aca to 61053e8 Compare

February 28, 2017 16:29

akash0x53 commented Mar 3, 2017

View reviewed changes

web/webapi.py

		morsel["httponly"] = True
		value = morsel.OutputString()
		if samesite and samesite.lower() in ['strict', 'lax']:
		samesite_attr = "; SameSite=%s" % samesite

Copy link Copy Markdown

Contributor Author

akash0x53
Mar 3, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to go? @anandology

Copy link Copy Markdown

Contributor Author

akash0x53 commented
May 4, 2017

SameSite support PR open for Django too.
https://github.com/django/django/pull/8380/files

Copy link Copy Markdown

Contributor Author

akash0x53 commented
Jun 27, 2017

Any update on this PR?

Copy link Copy Markdown

Contributor

jzellman commented
Jul 10, 2017

👍 Looks good to me, @akash0x53 maybe squash down to a single commit?

iredmail mentioned this pull request

Sep 16, 2019

Remove legacy code and improve cookie support #527

Merged

iredmail closed this in #527

Sep 16, 2019

iredmail added a commit that referenced this pull request

Sep 16, 2019

Remove legacy code and improve cookie support (#527)

651ea42

* Remove py2.3 support.
* Replace `attr in obj.keys()` by `attr in obj`.
* Set default cookie expire time to session timeout.
* Add support for SameSite cookie.

Fixes #521
Fixes #61 #99 #337
Fixes #409 #410

Labels

None yet

Navigation Menu

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Added support for SameSite cookies.#409
akash0x53 wants to merge 4 commits intowebpy:masterfrom
akash0x53:cookie-fixes

Conversation