Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
C
cpython
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
cpython
Commits
4c339970
Commit
4c339970
authored
Oct 08, 2018
by
Paul Bailey
Committed by
Andrew Svetlov
Oct 08, 2018
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
bpo-34911: Added support for secure websocket cookies (GH-9734)
parent
af5658ae
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
67 additions
and
5 deletions
+67
-5
Doc/library/http.cookiejar.rst
Doc/library/http.cookiejar.rst
+6
-4
Lib/http/cookiejar.py
Lib/http/cookiejar.py
+3
-1
Lib/test/test_http_cookiejar.py
Lib/test/test_http_cookiejar.py
+55
-0
Misc/NEWS.d/next/Library/2018-10-08-15-22-02.bpo-34911.hCy0Fv.rst
...S.d/next/Library/2018-10-08-15-22-02.bpo-34911.hCy0Fv.rst
+3
-0
No files found.
Doc/library/http.cookiejar.rst
View file @
4c339970
...
...
@@ -78,14 +78,16 @@ The following classes are provided:
from / returned to the server.
.. class:: DefaultCookiePolicy( blocked_domains=None, allowed_domains=None, netscape=True, rfc2965=False, rfc2109_as_netscape=None, hide_cookie2=False, strict_domain=False, strict_rfc2965_unverifiable=True, strict_ns_unverifiable=False, strict_ns_domain=DefaultCookiePolicy.DomainLiberal, strict_ns_set_initial_dollar=False, strict_ns_set_path=False )
.. class:: DefaultCookiePolicy( blocked_domains=None, allowed_domains=None, netscape=True, rfc2965=False, rfc2109_as_netscape=None, hide_cookie2=False, strict_domain=False, strict_rfc2965_unverifiable=True, strict_ns_unverifiable=False, strict_ns_domain=DefaultCookiePolicy.DomainLiberal, strict_ns_set_initial_dollar=False, strict_ns_set_path=False
, secure_protocols=("https", "wss")
)
Constructor arguments should be passed as keyword arguments only.
*blocked_domains* is a sequence of domain names that we never accept cookies
from, nor return cookies to. *allowed_domains* if not :const:`None`, this is a
sequence of the only domains for which we accept and return cookies. For all
other arguments, see the documentation for :class:`CookiePolicy` and
:class:`DefaultCookiePolicy` objects.
sequence of the only domains for which we accept and return cookies.
*secure_protocols* is a sequence of protocols for which secure cookies can be
added to. By default *https* and *wss* (secure websocket) are considered
secure protocols. For all other arguments, see the documentation for
:class:`CookiePolicy` and :class:`DefaultCookiePolicy` objects.
:class:`DefaultCookiePolicy` implements the standard accept / reject rules for
Netscape and :rfc:`2965` cookies. By default, :rfc:`2109` cookies (ie. cookies
...
...
Lib/http/cookiejar.py
View file @
4c339970
...
...
@@ -878,6 +878,7 @@ class DefaultCookiePolicy(CookiePolicy):
strict_ns_domain=DomainLiberal,
strict_ns_set_initial_dollar=False,
strict_ns_set_path=False,
secure_protocols=("https", "wss")
):
"""
Constructor
arguments
should
be
passed
as
keyword
arguments
only
.
"""
self.netscape = netscape
...
...
@@ -890,6 +891,7 @@ class DefaultCookiePolicy(CookiePolicy):
self.strict_ns_domain = strict_ns_domain
self.strict_ns_set_initial_dollar = strict_ns_set_initial_dollar
self.strict_ns_set_path = strict_ns_set_path
self.secure_protocols = secure_protocols
if blocked_domains is not None:
self._blocked_domains = tuple(blocked_domains)
...
...
@@ -1116,7 +1118,7 @@ class DefaultCookiePolicy(CookiePolicy):
return True
def return_ok_secure(self, cookie, request):
if cookie.secure and request.type
!= "https"
:
if cookie.secure and request.type
not in self.secure_protocols
:
_debug(" secure cookie with non-secure request")
return False
return True
...
...
Lib/test/test_http_cookiejar.py
View file @
4c339970
...
...
@@ -984,6 +984,61 @@ class CookieTests(unittest.TestCase):
c
.
_cookies
[
"www.acme.com"
][
"/"
][
"foo2"
].
secure
,
"secure cookie registered non-secure"
)
def
test_secure_block
(
self
):
pol
=
DefaultCookiePolicy
()
c
=
CookieJar
(
policy
=
pol
)
headers
=
[
"Set-Cookie: session=narf; secure; path=/"
]
req
=
urllib
.
request
.
Request
(
"https://www.acme.com/"
)
res
=
FakeResponse
(
headers
,
"https://www.acme.com/"
)
c
.
extract_cookies
(
res
,
req
)
self
.
assertEqual
(
len
(
c
),
1
)
req
=
urllib
.
request
.
Request
(
"https://www.acme.com/"
)
c
.
add_cookie_header
(
req
)
self
.
assertTrue
(
req
.
has_header
(
"Cookie"
))
req
=
urllib
.
request
.
Request
(
"http://www.acme.com/"
)
c
.
add_cookie_header
(
req
)
self
.
assertFalse
(
req
.
has_header
(
"Cookie"
))
# secure websocket protocol
req
=
urllib
.
request
.
Request
(
"wss://www.acme.com/"
)
c
.
add_cookie_header
(
req
)
self
.
assertTrue
(
req
.
has_header
(
"Cookie"
))
# non-secure websocket protocol
req
=
urllib
.
request
.
Request
(
"ws://www.acme.com/"
)
c
.
add_cookie_header
(
req
)
self
.
assertFalse
(
req
.
has_header
(
"Cookie"
))
def
test_custom_secure_protocols
(
self
):
pol
=
DefaultCookiePolicy
(
secure_protocols
=
[
"foos"
])
c
=
CookieJar
(
policy
=
pol
)
headers
=
[
"Set-Cookie: session=narf; secure; path=/"
]
req
=
urllib
.
request
.
Request
(
"https://www.acme.com/"
)
res
=
FakeResponse
(
headers
,
"https://www.acme.com/"
)
c
.
extract_cookies
(
res
,
req
)
self
.
assertEqual
(
len
(
c
),
1
)
# test https removed from secure protocol list
req
=
urllib
.
request
.
Request
(
"https://www.acme.com/"
)
c
.
add_cookie_header
(
req
)
self
.
assertFalse
(
req
.
has_header
(
"Cookie"
))
req
=
urllib
.
request
.
Request
(
"http://www.acme.com/"
)
c
.
add_cookie_header
(
req
)
self
.
assertFalse
(
req
.
has_header
(
"Cookie"
))
req
=
urllib
.
request
.
Request
(
"foos://www.acme.com/"
)
c
.
add_cookie_header
(
req
)
self
.
assertTrue
(
req
.
has_header
(
"Cookie"
))
req
=
urllib
.
request
.
Request
(
"foo://www.acme.com/"
)
c
.
add_cookie_header
(
req
)
self
.
assertFalse
(
req
.
has_header
(
"Cookie"
))
def
test_quote_cookie_value
(
self
):
c
=
CookieJar
(
policy
=
DefaultCookiePolicy
(
rfc2965
=
True
))
interact_2965
(
c
,
"http://www.acme.com/"
,
r'foo=\b"a"r; Version=1'
)
...
...
Misc/NEWS.d/next/Library/2018-10-08-15-22-02.bpo-34911.hCy0Fv.rst
0 → 100644
View file @
4c339970
Added *secure_protocols* argument to *http.cookiejar.DefaultCookiePolicy* to
allow for tweaking of protocols and also to add support by default for
*wss*, the secure websocket protocol.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment