bpo-29613: Added support for SameSite cookies (GH-6413)
* bpo-29613: Added support for SameSite cookies
Implemented as per draft
https://tools.ietf.org/html/draft-west-first-party-cookies-07
* Documented SameSite
And suggestions by members.
* Missing space :(
* Updated News and contributors
* Added version changed details.
* Fix in documentation
* fix in documentation
* Clubbed test cases for same attribute into single.
* Updates
* Style nits + expand tests
* review feedback
diff --git a/Lib/http/cookies.py b/Lib/http/cookies.py
index 7e0259e..4a44db8 100644
--- a/Lib/http/cookies.py
+++ b/Lib/http/cookies.py
@@ -281,6 +281,7 @@
"secure" : "Secure",
"httponly" : "HttpOnly",
"version" : "Version",
+ "samesite" : "SameSite",
}
_flags = {'secure', 'httponly'}
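Review bot: The new `"samesite"` entry is a valued attribute (it is not added to `_flags`), and nothing visible in this hunk restricts what that value may be. The accompanying test shows both 'Strict' and 'strict' round-tripping unchanged, so the string appears to be emitted verbatim. If Morsel does no validation elsewhere, a misspelled value goes out in the Set-Cookie header as-is and the browser decides how to treat it, which can quietly drop the cross-site request protection the caller intended. I would at least document that on the entry, e.g. `# value is emitted verbatim; pass "Strict" or "Lax"`, and repeat it in the Morsel documentation. The dict this line belongs to starts outside the hunk.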
diff --git a/Lib/test/test_http_cookies.py b/Lib/test/test_http_cookies.py
index 2ff6902..447f883 100644
--- a/Lib/test/test_http_cookies.py
+++ b/Lib/test/test_http_cookies.py
@@ -121,6 +121,19 @@
self.assertEqual(C.output(),
'Set-Cookie: Customer="WILE_E_COYOTE"; HttpOnly; Secure')
+ def test_samesite_attrs(self):
+ samesite_values = ['Strict', 'Lax', 'strict', 'lax']
+ for val in samesite_values:
+ with self.subTest(val=val):
+ C = cookies.SimpleCookie('Customer="WILE_E_COYOTE"')
+ C['Customer']['samesite'] = val
+ self.assertEqual(C.output(),
+ 'Set-Cookie: Customer="WILE_E_COYOTE"; SameSite=%s' % val)
+
+ C = cookies.SimpleCookie()
+ C.load('Customer="WILL_E_COYOTE"; SameSite=%s' % val)
+ self.assertEqual(C['Customer']['samesite'], val)
+
def test_secure_httponly_false_if_not_present(self):
C = cookies.SimpleCookie()
C.load('eggs=scrambled; Path=/bacon')
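Review bot: The load half of `test_samesite_attrs` parses `Customer="WILL_E_COYOTE"` while the output half uses `WILE_E_COYOTE`, and because only `C['Customer']['samesite']` is asserted after `C.load`, the mismatch goes unnoticed. Use the same literal in both halves and add `self.assertEqual(C['Customer'].value, 'WILE_E_COYOTE')` so the test also confirms that parsing the attribute leaves the cookie value intact. The test exercises only the two recognised values in two casings. One more subtest with an unrecognised string would pin down whether such a value is passed through or rejected, which is the behaviour a caller relying on SameSite for request-forgery defence needs to know. `test_samesite_attrs` is fully visible, but the tests before and after it are cut by the hunk.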