[issue23250] http.cookies HttpOnly attribute does not use suggested case-style of HTTP standard
New submission from Jon Dufresne: See http://tools.ietf.org/html/rfc6265#section-5.2.6 Relevant section: --- 5.2.6. The HttpOnly Attribute If the attribute-name case-insensitively matches the string HttpOnly, the user agent MUST append an attribute to the cookie-attribute-list with an attribute-name of HttpOnly and an empty attribute-value. ... If the cookie-attribute-list contains an attribute with an attribute-name of HttpOnly, set the cookie's http-only-flag to true. Otherwise, set the cookie's http-only-flag to false. --- http.cookies creates this attribute as `httponly` not `HttpOnly`. It is true, when interpreted by the user agent, this attribute is case insensitive, but it seems odd that Python would go out of its way to purposely use a different case then stated in the standard. When looking at other web technologies, the case used in the standard is most typical. The examples in the standard also use the `HttpOnly` style. (Same applies to the Secure flag.) -- components: Library (Lib) messages: 234132 nosy: jdufresne priority: normal severity: normal status: open title: http.cookies HttpOnly attribute does not use suggested case-style of HTTP standard type: behavior versions: Python 3.5 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue23250 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23250] http.cookies HttpOnly attribute does not use suggested case-style of HTTP standard
Changes by Jon Dufresne jon.dufre...@gmail.com: -- keywords: +patch Added file: http://bugs.python.org/file37729/http-only-case.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue23250 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23250] http.cookies HttpOnly attribute does not use suggested case-style of HTTP standard
Changes by R. David Murray rdmur...@bitdance.com: -- nosy: +r.david.murray stage: - commit review versions: +Python 3.4 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue23250 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23250] http.cookies HttpOnly attribute does not use suggested case-style of HTTP standard
Roundup Robot added the comment: New changeset 0d8380c493ad by Benjamin Peterson in branch '3.4': capitialize HttpOnly and Secure as they appear in the standard and other impls (closes #23250) https://hg.python.org/cpython/rev/0d8380c493ad -- nosy: +python-dev resolution: - fixed stage: commit review - resolved status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue23250 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
