On Mon, Dec 10, 2018 at 12:56 PM Michael Merickel wrote:
>
> On Mon, Dec 10, 2018 at 12:21 PM Bert JW Regeer wrote:
>>
>> Pyramid also by default supports all of the "secure" parts of the cookie.
>> There are no extra flags that can't already be set using Pyramid.
>>
>> Using the Secure package
I should note that the API I proposed is pretty similar to the current API
we already use in webob.cookies.CookieProfile if you wanted to see some
prior art there. There is a SignedCookieProfile subclass which does
signing, and all the settings are defined once and then the profile is
re-used
On Mon, Dec 10, 2018 at 12:21 PM Bert JW Regeer wrote:
> Pyramid also by default supports all of the "secure" parts of the cookie.
> There are no extra flags that can't already be set using Pyramid.
>
> Using the Secure package for cookies is unnecessary.
>
I imagine the benefit is less for
Pyramid also by default supports all of the "secure" parts of the cookie. There
are no extra flags that can't already be set using Pyramid.
Using the Secure package for cookies is unnecessary.
Bert
> On Dec 9, 2018, at 13:35, Jonathan Vanasco wrote:
>
> I may have missed something, but it
On Fri, Dec 7, 2018 at 2:25 AM Caleb wrote:
> All, I would appreciate any feedback on a lightweight security headers
> and cookie attribute project for Python web frameworks (including Pyramid)
> called Secure . Secure lets developers easily set security headers and
> secure cookies with
All, I would appreciate any feedback on a lightweight security headers and
cookie attribute project for Python web frameworks (including Pyramid) called
Secure . Secure lets developers easily set security headers and secure cookies
with recommended values. The repo is: