Merge pull request #192 from tatsuhiro-t/secure-cookies

Add secure attribute to cookies if wsgi.url_scheme == 'https'
2026-06-05 23:00:18 +00:00 · 2014-12-23 09:50:59 -08:00
parent 56b20baab4 e1024d989c
commit 0b6f638b67
2 changed files with 7 additions and 3 deletions
@@ -21,7 +21,7 @@ from werkzeug.wrappers import BaseResponse
 from six.moves import range as xrange

 from . import filters
-from .helpers import get_headers, status_code, get_dict, check_basic_auth, check_digest_auth, H, ROBOT_TXT, ANGRY_ASCII
+from .helpers import get_headers, status_code, get_dict, check_basic_auth, check_digest_auth, secure_cookie, H, ROBOT_TXT, ANGRY_ASCII
 from .utils import weighted_choice
 from .structures import CaseInsensitiveDict

@@ -321,7 +321,7 @@ def set_cookie(name, value):
    """Sets a cookie and redirects to cookie list."""

    r = app.make_response(redirect('/cookies'))
-    r.set_cookie(key=name, value=value)
+    r.set_cookie(key=name, value=value, secure=secure_cookie())

    return r

@@ -333,7 +333,7 @@ def set_cookies():
    cookies = dict(request.args.items())
    r = app.make_response(redirect('/cookies'))
    for key, value in cookies.items():
-        r.set_cookie(key=key, value=value)
+        r.set_cookie(key=key, value=value, secure=secure_cookie())

    return r

@@ -329,3 +329,7 @@ def check_digest_auth(user, passwd):
        if credentails.get('response') == response_hash:
            return True
    return False
+
+def secure_cookie():
+    """Return true if cookie should have secure attribute"""
+    return request.environ['wsgi.url_scheme'] == 'https'