summaryrefslogtreecommitdiffstats
path: root/Lib/http/cookies.py
Commit message (Collapse)AuthorAgeFilesLines
* bpo-991266: Fix quoting of Comment attribute of SimpleCookie (GH-6555)Berker Peksag2018-04-221-0/+2
|
* Removed a confusing line from a docstring in http.cookies (GH-6482)Alex Gaynor2018-04-151-2/+1
| | | There's no reason a cookie should _ever_ contain pickled data. That's just asking for a critical security vulnerability. Back in Python2 there were helpers for doing that, but they're no more in Python3. Now coded_value is used when the value needs to be encoded for any reason.
* bpo-29613: Added support for SameSite cookies (GH-6413)Alex Gaynor2018-04-071-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * bpo-29613: Added support for SameSite cookies Implemented as per draft https://tools.ietf.org/html/draft-west-first-party-cookies-07 * Documented SameSite And suggestions by members. * Missing space :( * Updated News and contributors * Added version changed details. * Fix in documentation * fix in documentation * Clubbed test cases for same attribute into single. * Updates * Style nits + expand tests * review feedback
* Issue #29192: Removed deprecated features in the http.cookies module.Serhiy Storchaka2017-01-131-29/+1
|
* Issue #22493: Inline flags now should be used only at the start of theSerhiy Storchaka2016-09-111-2/+1
| | | | | regular expression. Deprecation warning is emitted if uses them in the middle of the regular expression.
* #27364: fix "incorrect" uses of escape character in the stdlib.R David Murray2016-09-081-1/+1
| | | | | | | And most of the tools. Patch by Emanual Barry, reviewed by me, Serhiy Storchaka, and Martin Panter.
* Issue #27076: Doc, comment and tests spelling fixesMartin Panter2016-05-261-1/+1
| | | | Most fixes to Doc/ and Lib/ directories by Ville Skyttä.
* Issue #26302: Correctly identify comma as an invalid character for a cookie ↵Anish Shah2016-02-071-1/+1
| | | | (correcting regression in Python 3.5).
* merge 3.4 (#22931)Benjamin Peterson2015-05-231-3/+4
|\
| * merge 3.3 (#22931)Benjamin Peterson2015-05-231-3/+4
| |\
| | * merge 3.2 (#22931)Benjamin Peterson2015-05-231-3/+4
| | |\
| | | * allow square brackets in cookie values (closes #22931)Benjamin Peterson2015-05-231-3/+4
| | | |
| | | * Lax cookie parsing in http.cookies could be a security issue when combinedAntoine Pitrou2014-09-161-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | with non-standard cookie handling in some Web browsers. Reported by Sergey Bobrov.
* | | | #2211: properly document the Morsel behavior changes.R David Murray2015-03-291-1/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Also deprecate the undocumented set argument instead of removing it already in 3.5. Initial patch by Demian Brecht.
* | | | Restored backward compatibility of pickling http.cookies.Morsel. It wasSerhiy Storchaka2015-03-181-0/+12
| | | | | | | | | | | | | | | | broken after converting instance attributes to properies in issue #2211.
* | | | Issue #2211: Updated the implementation of the http.cookies.Morsel class.Serhiy Storchaka2015-03-181-86/+94
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Setting attributes key, value and coded_value directly now is deprecated. update() and setdefault() now transform and check keys. Comparing for equality now takes into account attributes key, value and coded_value. copy() now returns a Morsel, not a dict. repr() now contains all attributes. Optimized checking keys and quoting values. Added new tests. Original patch by Demian Brecht.
* | | | merge 3.4 (#22986)Benjamin Peterson2015-01-171-2/+2
|\ \ \ \ | |/ / /
| * | | capitialize "HttpOnly" and "Secure" as they appear in the standard and other ↵Benjamin Peterson2015-01-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | impls (closes #23250) Patch by Jon Dufresne.
* | | | Issue #22796: HTTP cookie parsing is now stricter, in order to protect ↵Antoine Pitrou2014-11-211-15/+41
|/ / / | | | | | | | | | against potential injection attacks.
* | | Issue #22775: Fixed unpickling of http.cookies.SimpleCookie with protocol 2Serhiy Storchaka2014-11-021-2/+6
|/ / | | | | | | and above. Patch by Tim Graham.
* | Lax cookie parsing in http.cookies could be a security issue when combinedAntoine Pitrou2014-09-161-1/+2
| | | | | | | | | | | | with non-standard cookie handling in some Web browsers. Reported by Sergey Bobrov.
* | Issue #19936: Added executable bits or shebang lines to Python scripts whichSerhiy Storchaka2014-01-161-3/+0
| | | | | | | | | | | | | | requires them. Disable executable bits and shebang lines in test and benchmark files in order to prevent using a random system python, and in source files of modules which don't provide command line interface. Fixed shebang line to use python3 executable in the unittestgui script.
* | #16611: BaseCookie now parses 'secure' and 'httponly' flags.R David Murray2013-08-251-10/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | Previously it generated them if they were given a value, but completely ignored them if they were present in the string passed in to be parsed. Now if the flag appears on a cookie, the corresponding Morsel key will reference a True value. Other pre-existing behavior is retained in this maintenance patch: if the source contains something like 'secure=foo', morsel['secure'] will return 'foo'. Since such a value doesn't round trip and never did (and would be a surprising occurrence) a subsequent non-bug-fix patch may change this behavior. Inspired by a patch from Julien Phalip, who reviewed this one.
* | merge - Fix for issue14426 - buildbots here I comeSenthil Kumaran2012-05-201-1/+1
|\ \ | |/
| * Fix for issue14426 - buildbots here I comeSenthil Kumaran2012-05-201-1/+1
| |
* | Issue #14426: Correct the Date format in Expires attribute of Set-Cookie. ↵Senthil Kumaran2012-05-201-1/+1
|\ \ | |/ | | | | Patch by Federico Reghenzani and Müte Invert
| * Issue #14426: Correct the Date format in Expires attribute of Set-Cookie. ↵Senthil Kumaran2012-05-201-1/+1
| | | | | | | | Patch by Federico Reghenzani and Müte Invert
* | Fix Issue2193 - Allow ":" character in Cookie NAME valuesSenthil Kumaran2012-04-221-1/+1
|/
* #9824: encode , and ; in cookie values so that browsers don't split on themR. David Murray2010-12-281-0/+5
| | | | | | | | There is a small chance of backward incompatibility here, but only for non-SimpleCookie applications reading SimpleCookie generated cookies. Even then, any such ap is likely to be handling escaped values already, and it would take a fairly perverse implementation of unescaping to fail to unescape these newly escaped chars, so the risk seems minimal.
* #1513299: cleanup some map() uses where a comprehension works better.Georg Brandl2010-12-041-1/+1
|
* #8826: the "expires" attribute value is a date string with spaces, but ↵Georg Brandl2010-08-011-0/+2
| | | | apparently not all user-agents put it in quotes. Handle that as a special case.
* #3788: more tests for http.cookies, now at 95% coverage. Also bring coding ↵Georg Brandl2010-07-311-110/+103
| | | | style in the module up to PEP 8, where it does not break backwards compatibility.
* convert shebang lines: python -> python3Benjamin Peterson2010-03-111-1/+1
|
* Merged revisions ↵Benjamin Peterson2009-09-111-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 74277,74321,74323,74326,74355,74465,74467,74488,74492,74513,74531,74549,74553,74625,74632,74643-74644,74647,74652,74666,74671,74727,74739 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r74277 | sean.reifschneider | 2009-08-01 18:54:55 -0500 (Sat, 01 Aug 2009) | 3 lines - Issue #6624: yArg_ParseTuple with "s" format when parsing argument with NUL: Bogus TypeError detail string. ........ r74321 | guilherme.polo | 2009-08-05 11:51:41 -0500 (Wed, 05 Aug 2009) | 1 line Easier reference to find (at least while svn continues being used). ........ r74323 | guilherme.polo | 2009-08-05 18:48:26 -0500 (Wed, 05 Aug 2009) | 1 line Typo. ........ r74326 | jesse.noller | 2009-08-05 21:05:56 -0500 (Wed, 05 Aug 2009) | 1 line Fix issue 4660: spurious task_done errors in multiprocessing, remove doc note for from_address ........ r74355 | gregory.p.smith | 2009-08-12 12:02:37 -0500 (Wed, 12 Aug 2009) | 2 lines comment typo fix ........ r74465 | vinay.sajip | 2009-08-15 18:23:12 -0500 (Sat, 15 Aug 2009) | 1 line Added section on logging to one file from multiple processes. ........ r74467 | vinay.sajip | 2009-08-15 18:34:47 -0500 (Sat, 15 Aug 2009) | 1 line Refined section on logging to one file from multiple processes. ........ r74488 | vinay.sajip | 2009-08-17 08:14:37 -0500 (Mon, 17 Aug 2009) | 1 line Further refined section on logging to one file from multiple processes. ........ r74492 | r.david.murray | 2009-08-17 14:26:49 -0500 (Mon, 17 Aug 2009) | 2 lines Issue 6685: 'toupper' -> 'upper' in cgi doc example explanation. ........ r74513 | skip.montanaro | 2009-08-18 09:37:52 -0500 (Tue, 18 Aug 2009) | 1 line missing module ref (issue6723) ........ r74531 | vinay.sajip | 2009-08-20 17:04:32 -0500 (Thu, 20 Aug 2009) | 1 line Added section on exceptions raised during logging. ........ r74549 | benjamin.peterson | 2009-08-24 12:42:36 -0500 (Mon, 24 Aug 2009) | 1 line fix pdf building by teaching latex the right encoding package ........ r74553 | r.david.murray | 2009-08-26 20:04:59 -0500 (Wed, 26 Aug 2009) | 2 lines Remove leftover text from end of sentence. ........ r74625 | benjamin.peterson | 2009-09-01 17:27:57 -0500 (Tue, 01 Sep 2009) | 1 line remove the check that classmethod's argument is a callable ........ r74632 | georg.brandl | 2009-09-03 02:27:26 -0500 (Thu, 03 Sep 2009) | 1 line #6828: fix wrongly highlighted blocks. ........ r74643 | georg.brandl | 2009-09-04 01:59:20 -0500 (Fri, 04 Sep 2009) | 2 lines Issue #2666: Handle BROWSER environment variable properly for unknown browser names in the webbrowser module. ........ r74644 | georg.brandl | 2009-09-04 02:55:14 -0500 (Fri, 04 Sep 2009) | 1 line #5047: remove Monterey support from configure. ........ r74647 | georg.brandl | 2009-09-04 03:17:04 -0500 (Fri, 04 Sep 2009) | 2 lines Issue #5275: In Cookie's Cookie.load(), properly handle non-string arguments as documented. ........ r74652 | georg.brandl | 2009-09-04 06:25:37 -0500 (Fri, 04 Sep 2009) | 1 line #6756: add some info about the "acct" parameter. ........ r74666 | georg.brandl | 2009-09-05 04:04:09 -0500 (Sat, 05 Sep 2009) | 1 line #6841: remove duplicated word. ........ r74671 | georg.brandl | 2009-09-05 11:47:17 -0500 (Sat, 05 Sep 2009) | 1 line #6843: add link from filterwarnings to where the meaning of the arguments is covered. ........ r74727 | benjamin.peterson | 2009-09-08 18:04:22 -0500 (Tue, 08 Sep 2009) | 1 line #6865 fix ref counting in initialization of pwd module ........ r74739 | georg.brandl | 2009-09-11 02:55:20 -0500 (Fri, 11 Sep 2009) | 1 line Move function back to its section. ........
* Turn some comments into docstrings.Georg Brandl2009-09-041-20/+16
|
* Remove pseudo-end markers from http.cookies.Georg Brandl2009-09-041-22/+1
|
* Fixing the issue4860. Escaping the embedded '"' in the js_output method of ↵Senthil Kumaran2009-04-021-1/+1
| | | | Morsel class.
* Merged revisions 66262 via svnmerge fromBenjamin Peterson2008-09-061-0/+6
| | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/trunk ........ r66262 | benjamin.peterson | 2008-09-06 14:28:11 -0500 (Sat, 06 Sep 2008) | 4 lines #1638033: add support for httponly on Cookie.Morsel Reviewer: Benjamin ........
* #2834: Change re module semantics, so that str and bytes mixing is forbidden,Antoine Pitrou2008-08-191-1/+1
| | | | | and str (unicode) patterns get full unicode matching by default. The re.ASCII flag is also introduced to ask for ASCII matching instead.
* Remove deprecated SmartCookie and SerialCookie classes.Georg Brandl2008-05-281-153/+8
|
* Create http package. #2883.Georg Brandl2008-05-261-0/+733