Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow user-defined secure cookies #6357

Merged
merged 7 commits into from
May 15, 2024
Merged

Allow user-defined secure cookies #6357

merged 7 commits into from
May 15, 2024

Conversation

Gallaecio
Copy link
Member

@Gallaecio Gallaecio commented May 13, 2024
edited

Allow user-defined cookies to specify a secure key to indicate if the cookie is meant to be only set on https:// requests.

It includes a backward-incompatible change, because it automatically sets secure to True if no value is specified and the request URL is https://. So a Request("https://example.com", cookies={"a": "b"}) object, if redirected to "http://example.com", would now lose the cookies. I think this behavior makes sense, i.e. secure by default, since users are likely to forget about setting secure even where they should. But it is worth noting that there is no standard for users defining cookies manually, and secure is False by default in server-set cookies.

Related to #5431.

@Gallaecio Gallaecio merged commit 812fd23 into scrapy:master May 15, 2024
26 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wRAR wRAR wRAR approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Gallaecio @wRAR @ygalvao