mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-11-01 10:45:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 16

bpo-38976: Add support for HTTP Only flag in MozillaCookieJar (#17471)

Browse source 
Add support for HTTP Only flag in MozillaCookieJar

Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
This commit is contained in:
Jacob Neil Taylor 2020-10-24 09:48:55 +11:00 committed by GitHub
parent a3c4ceffe6
commit 16ee68da6e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 35 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

40
Lib/http/cookiejar.py
View file

@ -50,10 +50,18 @@ def _debug(*args):
logger = logging.getLogger("http.cookiejar")
return logger.debug(*args)
HTTPONLY_ATTR = "HTTPOnly"
HTTPONLY_PREFIX = "#HttpOnly_"
DEFAULT_HTTP_PORT = str(http.client.HTTP_PORT)
NETSCAPE_MAGIC_RGX = re.compile("#( Netscape)? HTTP Cookie File")
MISSING_FILENAME_TEXT = ("a filename was not supplied (nor was the CookieJar "
"instance initialised with one)")
NETSCAPE_HEADER_TEXT = """\
# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This is a generated file! Do not edit.
"""
def _warn_unhandled_exception():
# There are a few catch-all except: statements in this module, for
@ -2004,19 +2012,11 @@ class MozillaCookieJar(FileCookieJar):
header by default (Mozilla can cope with that).
"""
magic_re = re.compile("#( Netscape)? HTTP Cookie File")
header = """\
# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This is a generated file! Do not edit.
"""
def _really_load(self, f, filename, ignore_discard, ignore_expires):
now = time.time()
magic = f.readline()
if not self.magic_re.search(magic):
if not NETSCAPE_MAGIC_RGX.match(f.readline()):
raise LoadError(
"%r does not look like a Netscape format cookies file" %
filename)
@ -2024,8 +2024,17 @@ class MozillaCookieJar(FileCookieJar):
try:
while 1:
line = f.readline()
rest = {}
if line == "": break
# httponly is a cookie flag as defined in rfc6265
# when encoded in a netscape cookie file,
# the line is prepended with "#HttpOnly_"
if line.startswith(HTTPONLY_PREFIX):
rest[HTTPONLY_ATTR] = ""
line = line[len(HTTPONLY_PREFIX):]
# last field may be absent, so keep any trailing tab
if line.endswith("\n"): line = line[:-1]
@ -2063,7 +2072,7 @@ class MozillaCookieJar(FileCookieJar):
discard,
None,
None,
{})
rest)
if not ignore_discard and c.discard:
continue
if not ignore_expires and c.is_expired(now):
@ -2083,16 +2092,17 @@ class MozillaCookieJar(FileCookieJar):
else: raise ValueError(MISSING_FILENAME_TEXT)
with open(filename, "w") as f:
f.write(self.header)
f.write(NETSCAPE_HEADER_TEXT)
now = time.time()
for cookie in self:
domain = cookie.domain
if not ignore_discard and cookie.discard:
continue
if not ignore_expires and cookie.is_expired(now):
continue
if cookie.secure: secure = "TRUE"
else: secure = "FALSE"
if cookie.domain.startswith("."): initial_dot = "TRUE"
if domain.startswith("."): initial_dot = "TRUE"
else: initial_dot = "FALSE"
if cookie.expires is not None:
expires = str(cookie.expires)
@ -2107,7 +2117,9 @@ class MozillaCookieJar(FileCookieJar):
else:
name = cookie.name
value = cookie.value
if cookie.has_nonstandard_attr(HTTPONLY_ATTR):
domain = HTTPONLY_PREFIX + domain
f.write(
"\t".join([cookie.domain, initial_dot, cookie.path,
"\t".join([domain, initial_dot, cookie.path,
secure, expires, name, value])+
"\n")