Commit 4d0641ac authored by Vincent Pelletier

wsgi: Fix CORS cookie lifespan.

"expires" takes an absolute date, "max-age" takes a number of seconds until
expiration.
So switch to "max-age": according to Mozilla Developer Network, it is
supported by all major browsers, and by IE since version 8.
parent eacf073a
......@@ -688,7 +688,7 @@ class Application(object):
"""
cookie = SimpleCookie({self._cors_cookie_id: value})[self._cors_cookie_id]
cookie['path'] = environ.get('SCRIPT_NAME') or '/',
cookie['expires'] = A_YEAR_IN_SECONDS
cookie['max-age'] = A_YEAR_IN_SECONDS
# No "secure" flag: cookie is not secret, and is protected against
# tampering on client side.
# No "httponly" flag: cookie is protected against tampering on client side,
......
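Review bot: the context line `cookie['path'] = environ.get('SCRIPT_NAME') or '/',` ends with a trailing comma, so the path attribute is assigned a one-element tuple instead of a string; drop the comma so the cookie's path is a plain string. On the changed line, the comments that follow explain why "secure" and "httponly" are left out, but nothing next to `cookie['max-age'] = A_YEAR_IN_SECONDS` records why max-age is used rather than expires; a one-line comment saying that max-age takes a number of seconds while expires takes an absolute date would keep that reasoning beside the code and make a later revert less likely.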