[Patches] [ python-Patches-1638033 ] Add httponly to Cookie module
SourceForge.net
noreply at sourceforge.net
Thu Feb 1 00:17:47 CET 2007
Patches item #1638033, was opened at 2007-01-17 20:07
Message generated for change (Comment added) made by jjlee
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1638033&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Library (Lib)
Group: Python 2.6
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Arvin Schnell (arvins)
Assigned to: Nobody/Anonymous (nobody)
Summary: Add httponly to Cookie module
Initial Comment:
Add the Microsoft extension httponly to the
Cookie module.
----------------------------------------------------------------------
Comment By: John J Lee (jjlee)
Date: 2007-01-31 23:17
Message:
Logged In: YES
user_id=261020
Originator: NO
I see. That sounds reasonable, but I won't comment on whether it should
be applied since this part of module Cookie didn't really make sense to me
in the first place (I explain why in my comment of 2006-12-03 16:49 in
http://python.org/sf/1372650).
----------------------------------------------------------------------
Comment By: Arvin Schnell (arvins)
Date: 2007-01-30 18:45
Message:
Logged In: YES
user_id=698939
Originator: YES
Anybody who sets a cookie with key="httponly" is likely in trouble. I
don't
know and can't check how the IE behaves in that case. But disallowing
this use
shouldn't hurt.
Use case: I would like to use the httponly attribute in Django. I think
it's
also useful for other web-frameworks.
----------------------------------------------------------------------
Comment By: John J Lee (jjlee)
Date: 2007-01-30 00:52
Message:
Logged In: YES
user_id=261020
Originator: NO
This is backwards-incompatible, no? The behaviour of Morsel.set() changes
(disallowing key="httponly") hence the behaviour of BaseCookie.__setitem__
changes.
Do you have a use case?
----------------------------------------------------------------------
Comment By: Arvin Schnell (arvins)
Date: 2007-01-19 17:01
Message:
Logged In: YES
user_id=698939
Originator: YES
Sure, I have added some documentation to the patch.
File Added: python.diff
----------------------------------------------------------------------
Comment By: Jim Jewett (jimjjewett)
Date: 2007-01-19 15:06
Message:
Logged In: YES
user_id=764593
Originator: NO
The documentation change should say what the attribute does. (It requests
the the cookie be hidden from javascript, and available only to http
requests.)
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1638033&group_id=5470
More information about the Patches
mailing list