Ticket #5911 enhancement new

Opened 9 months ago

Last modified 9 months ago

Support the 'HttpOnly' flag when setting cookies

Reported by: reed Owned by: reed
Priority: normal Milestone:
Component: web Keywords:
Cc: jknight Branch:
Author: Launchpad Bug:

Description

The Twisted 'web' module doesn't support the addition of the 'HttpOnly' flag when setting a cookie.

 http://www.owasp.org/index.php/HTTPOnly

Attachments

support_httponly_flag.diff Download (1.3 KB) - added by reed 9 months ago.
Add support for HttpOnly flag in cookies
support_httponly_flag.2.diff Download (2.6 KB) - added by reed 9 months ago.
Same as above but includes a test

Change History

1

Changed 9 months ago by DefaultCC Plugin

  • cc jknight added

Changed 9 months ago by reed

Add support for HttpOnly flag in cookies

2

Changed 9 months ago by reed

  • keywords review added

While Python has supported the 'HttpOnly' flag in cookies for quite a while ( http://bugs.python.org/issue1638033), it doesn't look like there's a 'httponly' attribute, at least according to  http://docs.python.org/library/cookielib.html#cookie-objects. I will follow-up with that to see if that's true, and if so, get it fixed upstream.

New patch with a test coming up.

Changed 9 months ago by reed

Same as above but includes a test

3

Changed 9 months ago by therve

  • owner set to reed
  • keywords review removed

Thanks for your patch! There is one main problem:

1. Your test doesn't match your change. The test applies to the client, not server Request.addCookie.

Note: See TracTickets for help on using tickets.