Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

http.cookies HttpOnly attribute does not use suggested case-style of HTTP standard #67439

Closed
jdufresne mannequin opened this issue Jan 16, 2015 · 2 comments
Closed

http.cookies HttpOnly attribute does not use suggested case-style of HTTP standard #67439

jdufresne mannequin opened this issue Jan 16, 2015 · 2 comments
Labels
stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error

Comments

@jdufresne
Copy link
Mannequin

jdufresne mannequin commented Jan 16, 2015

BPO 23250
Nosy @bitdancer, @jdufresne
Files
  • http-only-case.patch: Patch to correct case and tests
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = <Date 2015-01-17.01:46:55.950>
created_at = <Date 2015-01-16.14:25:00.479>
labels = ['type-bug', 'library']
title = 'http.cookies HttpOnly attribute does not use suggested case-style of HTTP standard'
updated_at = <Date 2015-01-17.01:46:55.948>
user = 'https://github.com/jdufresne'

    bugs.python.org fields:

    activity = <Date 2015-01-17.01:46:55.948>
actor = 'python-dev'
assignee = 'none'
closed = True
closed_date = <Date 2015-01-17.01:46:55.950>
closer = 'python-dev'
components = ['Library (Lib)']
creation = <Date 2015-01-16.14:25:00.479>
creator = 'jdufresne'
dependencies = []
files = ['37729']
hgrepos = []
issue_num = 23250
keywords = ['patch']
message_count = 2.0
messages = ['234132', '234155']
nosy_count = 3.0
nosy_names = ['r.david.murray', 'python-dev', 'jdufresne']
pr_nums = []
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue23250'
versions = ['Python 3.4', 'Python 3.5']
    @jdufresne
    Copy link
    Mannequin Author

    jdufresne mannequin commented Jan 16, 2015

    See http://tools.ietf.org/html/rfc6265#section-5.2.6

    Relevant section:

    ---

    5.2.6. The HttpOnly Attribute

    If the attribute-name case-insensitively matches the string HttpOnly", the user agent MUST append an attribute to the cookie-attribute-list with an attribute-name of HttpOnly and an empty attribute-value.

    ...

    If the cookie-attribute-list contains an attribute with an attribute-name of "HttpOnly", set the cookie's http-only-flag to true. Otherwise, set the cookie's http-only-flag to false.

    ---

    http.cookies creates this attribute as httponly not HttpOnly.

    It is true, when interpreted by the user agent, this attribute is case insensitive, but it seems odd that Python would go out of its way to purposely use a different case then stated in the standard. When looking at other web technologies, the case used in the standard is most typical. The examples in the standard also use the HttpOnly style.

    (Same applies to the Secure flag.)

    @jdufresne jdufresne mannequin added stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error labels Jan 16, 2015
    @python-dev
    Copy link
    Mannequin

    python-dev mannequin commented Jan 17, 2015

    New changeset 0d8380c493ad by Benjamin Peterson in branch '3.4':
    capitialize "HttpOnly" and "Secure" as they appear in the standard and other impls (closes bpo-23250)
    https://hg.python.org/cpython/rev/0d8380c493ad

    @python-dev python-dev mannequin closed this as completed Jan 17, 2015
    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees
    No one assigned
    Labels
    stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    0 participants