classification
Title: Backport Cookie fix to 2.7 (httponly / secure flag)
Type: behavior Stage: resolved
Components: Library (Lib) Versions: Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: berker.peksag Nosy List: berker.peksag, florianpilz, methane, python-dev, r.david.murray
Priority: normal Keywords: patch

Created on 2013-12-03 07:27 by florianpilz, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Files
File name Uploaded Description
issue19870.diff berker.peksag, 2014-01-21 17:34
Messages (6)
msg205078 - (view) Author: Florian Pilz (florianpilz) Date: 2013-12-03 07:27
Until Python 3.3.3 the Cookie library did not support the httponly and secure flags (see Issue 16611). Therefore the library is not RFC-conformant until then, so I think there should be a backport into 2.7 and maybe 3.2 as well.
msg205105 - (view) Author: R. David Murray (r.david.murray) * (Python committer) Date: 2013-12-03 12:07
I'm not sure why that fix was not backported, so I think it should be OK to do so.

3.2 is in security fix only mode.  No one argued that it was a security issue when it was fixed in 3.3.
msg208676 - (view) Author: Berker Peksag (berker.peksag) * (Python committer) Date: 2014-01-21 17:34
Here's a backport of issue 16611 for 2.7.
msg220974 - (view) Author: Inada Naoki (methane) * (Python committer) Date: 2014-06-19 13:51
Could someone review this?
While this is not a regression or bug, I think this is an important
feature when writing HTTP clients.
msg220981 - (view) Author: R. David Murray (r.david.murray) * (Python committer) Date: 2014-06-19 14:15
If it really wasn't a bug, we couldn't backport it.  However, we generally treat RFC non-compliance issues as bugs unless fixing them is disruptive (and this one isn't because I took care to maintain backward compatibility in the original patch), so it is OK to fix it.

Since this is a backport and fairly straightforward, Berker can just commit it once he's up and running with his push privileges.
msg222084 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2014-07-02 07:48
New changeset 0ba6ebd90b9d by Berker Peksag in branch '2.7':
Issue #19870: BaseCookie now parses 'secure' and 'httponly' flags.
http://hg.python.org/cpython/rev/0ba6ebd90b9d
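
With the flags parsed, a Set-Cookie value can be audited for missing `secure` / `httponly` attributes. The following is an added example, not code from this issue or the CPython patch; `missing_flags`, `REQUIRED_FLAGS` and the sample header values are hypothetical names and constructed data.

```python
# Added example: audit Set-Cookie values for the flags this issue made parseable.
try:
    from http.cookies import SimpleCookie   # Python 3
except ImportError:
    from Cookie import SimpleCookie         # Python 2.7 (flags parsed once this backport is in)

# Assumption: local policy requires both flags on every cookie.
REQUIRED_FLAGS = ("secure", "httponly")


def missing_flags(set_cookie_value):
    """Return {cookie_name: [required flags not set]} for one Set-Cookie value.

    Returns None when the value does not parse into any cookie, so a
    malformed header is reported instead of silently passing the audit.
    """
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    if not jar:
        return None
    report = {}
    for name, morsel in jar.items():
        # A parsed valueless flag is stored as True; an absent one stays "".
        report[name] = [flag for flag in REQUIRED_FLAGS if not morsel[flag]]
    return report


# Constructed sample header values (not taken from the issue).
SAMPLES = [
    "sid=abc123; Path=/; Secure; HttpOnly",   # both flags present
    "sid=abc123; Path=/; secure",             # lower-case flag, HttpOnly missing
    "theme=dark; Path=/",                     # no flags at all
    "Secure; HttpOnly",                       # attributes with no cookie: rejected
]

if __name__ == "__main__":
    for value in SAMPLES:
        print("%-40s -> %r" % (value, missing_flags(value)))
```
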
History
Date User Action Args
2022-04-11 14:57:54 admin set github: 64069
2014-07-02 07:50:04 berker.peksag set status: open -> closed; resolution: fixed; stage: commit review -> resolved
2014-07-02 07:48:40 python-dev set nosy: + python-dev; messages: + msg222084
2014-06-26 19:08:50 berker.peksag set assignee: berker.peksag; stage: patch review -> commit review
2014-06-19 14:15:00 r.david.murray set messages: + msg220981
2014-06-19 13:51:30 methane set nosy: + methane; messages: + msg220974
2014-02-05 18:37:57 berker.peksag link issue1028088 superseder
2014-01-21 17:34:12 berker.peksag set files: + issue19870.diff; versions: - Python 3.3; keywords: + patch; nosy: + berker.peksag; messages: + msg208676; stage: patch review
2013-12-03 12:07:01 r.david.murray set nosy: + r.david.murray; messages: + msg205105
2013-12-03 07:27:08 florianpilz create