Comments (7)
Hi,
Another Google-only thing... Thanks for reporting, I was not aware of this new feature.
I think it would make sense adding, but I'm honestly not sure about
I think adding Partitioned automatically would be good if same_site is None.
Is this the suggested behavior in the spec?
Some more links from MDN:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
- https://developer.mozilla.org/en-US/docs/Web/Privacy/Privacy_sandbox/Partitioned_cookies
PRs are welcome.
from falcon.
I'm not convinced we should support every Google-specific thing, but if CPython accepts the referenced PR, this is good enough for us too I guess.
from falcon.
An alternative could be to add an open-ended `**kw` to the method so that custom options can be added even before we commit one way or the other.
from falcon.
That's a good idea too @CaselIT, but we probably need to monkey-patch older Python stdlib in any case, as we already do/did for `SameSite`.
from falcon.
You know Chrome has already started rejecting cookies with samesite=None.
In addition to Chrome, Firefox also supports the Partitioned attribute, despite this, as it shows this.
Cookie “ory_hydra_login_csrf_dev_2630171196” will soon be rejected because it is foreign and does not have the “Partitioned“ attribute.
Safari developers seem to be going to support the Partitioned attribute.
Automatic addition of the Partitioned attribute is safe for most users. However, sometimes it may be overkill for certain use cases. If the user gives permission against SAA, cookies with samesite=None and without Partitioned can be used, for example, for keeping login status among multiple sites.
So, how about a combination of the following two measures? This is automatic but customizable.
- Add a "partitioned" keyword argument to set_cookie().
- Provide a partitioned_3rd_party_cookies_by_default global flag (default True) and add "Partitioned;secure;" by default to cookies with samesite=None if the partitioned keyword argument is not specified.
Here is an overview of measures for rejecting 3rd-party cookies.
from falcon.
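The two measures proposed in the comment above, sketched as an added example (not Falcon's or CPython's code). `build_set_cookie`, `attributes` and `PARTITIONED_3RD_PARTY_COOKIES_BY_DEFAULT` are hypothetical names, the `Morsel` patch touches private CPython attributes and is an assumption about how an older stdlib could be taught the attribute, and refusing `Partitioned` without `Secure` is this example's choice, based on the MDN requirement that partitioned cookies be set with `Secure`.

```python
from http.cookies import Morsel, SimpleCookie

# Assumption: teach older stdlib versions the attribute, in the spirit of the
# SameSite monkey-patch mentioned in the thread. Both calls are no-ops on a
# CPython that already knows "partitioned".
Morsel._reserved.setdefault("partitioned", "Partitioned")
Morsel._flags.add("partitioned")

# Hypothetical global switch, named after the flag proposed in the comment.
PARTITIONED_3RD_PARTY_COOKIES_BY_DEFAULT = True


def build_set_cookie(name, value, same_site=None, secure=True,
                     http_only=True, partitioned=None):
    """Return a Set-Cookie header value.

    partitioned=None means "use the global default", which opts in only
    SameSite=None cookies. True or False is an explicit caller decision,
    e.g. False for a cross-site login cookie that must stay unpartitioned.
    """
    cross_site = (same_site or "").lower() == "none"
    if partitioned is None:
        partitioned = cross_site and PARTITIONED_3RD_PARTY_COOKIES_BY_DEFAULT
    # A Partitioned cookie without Secure is dropped by the browser, so fail
    # loudly here instead of emitting a header that silently does nothing.
    if partitioned and not secure:
        raise ValueError("Partitioned cookies must also be Secure")

    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    morsel["path"] = "/"
    if same_site:
        morsel["samesite"] = same_site
    morsel["secure"] = secure          # flag attributes: emitted only if truthy
    morsel["httponly"] = http_only
    morsel["partitioned"] = partitioned
    return morsel.OutputString()


def attributes(header):
    """Split a header value into its attribute set, ignoring order."""
    return {part.strip() for part in header.split(";")[1:]}
```
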
I wouldn't be so eager to automatically add `Partitioned` for `SameSite=none` cookies in the first iteration, as Falcon isn't much focused on cookies in general, and users can handle that themselves if needed.
Otherwise we would accept a PR for `Partitioned` if anyone opens that.
And we would even consider implementing that ourselves in the absence of community PRs, but only if it is standardized in CPython (the PRs/issues are still open for 3.13 at the time of this writing).
from falcon.
It's OK for me. That's reasonable.
Thanks for consideration.
from falcon.