Roundup Robot added the comment:
New changeset 0ba6ebd90b9d by Berker Peksag in branch '2.7':
Issue #19870: BaseCookie now parses 'secure' and 'httponly' flags.
http://hg.python.org/cpython/rev/0ba6ebd90b9d
--
nosy: +python-dev
___
Python tracker
Changes by Berker Peksag berker.pek...@gmail.com:
--
resolution: - fixed
stage: commit review - resolved
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue19870
___
Changes by Berker Peksag berker.pek...@gmail.com:
--
assignee: - berker.peksag
stage: patch review - commit review
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue19870
___
INADA Naoki added the comment:
Could someone review this?
While this is not a regression or bug, I think this is an important
feature when writing HTTP clients.
--
nosy: +naoki
___
Python tracker rep...@bugs.python.org
R. David Murray added the comment:
If it really wasn't a bug, we couldn't backport it. However, we generally
treat RFC non-compliance issues as bugs unless fixing them is disruptive (and
this one isn't because I took care to maintain backward compatibility in the
original patch), so it is OK
Berker Peksag added the comment:
Here's a backport of issue 16611 for 2.7.
--
keywords: +patch
nosy: +berker.peksag
stage: - patch review
versions: -Python 3.3
Added file: http://bugs.python.org/file33597/issue19870.diff
___
Python tracker
R. David Murray added the comment:
I'm not sure why that fix was not backported, so I think it should be OK to do
so.
3.2 is in security fix only mode. No one argued that it was a securty issue
when it was fixed in 3.3.
--
nosy: +r.david.murray
New submission from Florian Pilz:
Until Python 3.3.3 the Cookie library did not support the httponly and secure
flag (see Issue 16611). Therefore the library is not RFC conform until then, so
I think there should be a backport into 2.7 and maybe 3.2 as well.
--
components: Library
