[issue22796] Support for httponly/secure cookies reintroduced lax parsing behavior
Antoine Pitrou
report at bugs.python.org
Tue Nov 4 19:34:36 CET 2014
Antoine Pitrou added the comment:
The security issue isn't easy to explain, it involves an elaborated set of services (browser, Web site...) each having a slightly different notion of cookie parsing to mount an attack allowing to bypass CSRF protection on certain Python-powered frameworks. It's from a report made to security at p.o.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue22796>
_______________________________________
More information about the Python-bugs-list
mailing list