Patches item #1638033, was opened at 2007-01-17 20:07 Message generated for change (Comment added) made by jjlee You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1638033&group_id=5470
Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Library (Lib) Group: Python 2.6 Status: Open Resolution: None Priority: 5 Private: No Submitted By: Arvin Schnell (arvins) Assigned to: Nobody/Anonymous (nobody) Summary: Add httponly to Cookie module Initial Comment: Add the Microsoft extension httponly to the Cookie module. ---------------------------------------------------------------------- Comment By: John J Lee (jjlee) Date: 2007-01-31 23:17 Message: Logged In: YES user_id=261020 Originator: NO I see. That sounds reasonable, but I won't comment on whether it should be applied since this part of module Cookie didn't really make sense to me in the first place (I explain why in my comment of 2006-12-03 16:49 in http://python.org/sf/1372650). ---------------------------------------------------------------------- Comment By: Arvin Schnell (arvins) Date: 2007-01-30 18:45 Message: Logged In: YES user_id=698939 Originator: YES Anybody who sets a cookie with key="httponly" is likely in trouble. I don't know and can't check how the IE behaves in that case. But disallowing this use shouldn't hurt. Use case: I would like to use the httponly attribute in Django. I think it's also useful for other web-frameworks. ---------------------------------------------------------------------- Comment By: John J Lee (jjlee) Date: 2007-01-30 00:52 Message: Logged In: YES user_id=261020 Originator: NO This is backwards-incompatible, no? The behaviour of Morsel.set() changes (disallowing key="httponly") hence the behaviour of BaseCookie.__setitem__ changes. Do you have a use case? ---------------------------------------------------------------------- Comment By: Arvin Schnell (arvins) Date: 2007-01-19 17:01 Message: Logged In: YES user_id=698939 Originator: YES Sure, I have added some documentation to the patch. File Added: python.diff ---------------------------------------------------------------------- Comment By: Jim Jewett (jimjjewett) Date: 2007-01-19 15:06 Message: Logged In: YES user_id=764593 Originator: NO The documentation change should say what the attribute does. (It requests the the cookie be hidden from javascript, and available only to http requests.) ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1638033&group_id=5470 _______________________________________________ Patches mailing list Patches@python.org http://mail.python.org/mailman/listinfo/patches
