From e1024d989c0a3f667878aec385de2751f689d0fd Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa
Date: Tue, 23 Dec 2014 19:08:48 +0900
Subject: [PATCH] Add secure attribute to cookies if wsgi.url_scheme == 'https'
---
 httpbin/core.py | 6 +++---
 httpbin/helpers.py | 4 ++++
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/httpbin/core.py b/httpbin/core.py
index 18423f5..04c578d 100644
--- a/httpbin/core.py
+++ b/httpbin/core.py
@@ -21,7 +21,7 @@ from werkzeug.wrappers import BaseResponse
 from six.moves import range as xrange
 from . import filters
-from .helpers import get_headers, status_code, get_dict, check_basic_auth, check_digest_auth, H, ROBOT_TXT, ANGRY_ASCII
+from .helpers import get_headers, status_code, get_dict, check_basic_auth, check_digest_auth, secure_cookie, H, ROBOT_TXT, ANGRY_ASCII
 from .utils import weighted_choice
 from .structures import CaseInsensitiveDict
@@ -321,7 +321,7 @@ def set_cookie(name, value):
 """Sets a cookie and redirects to cookie list."""
 r = app.make_response(redirect('/cookies'))
- r.set_cookie(key=name, value=value)
+ r.set_cookie(key=name, value=value, secure=secure_cookie())
 return r
@@ -333,7 +333,7 @@ def set_cookies():
 cookies = dict(request.args.items())
 r = app.make_response(redirect('/cookies'))
 for key, value in cookies.items():
- r.set_cookie(key=key, value=value)
+ r.set_cookie(key=key, value=value, secure=secure_cookie())
 return r
diff --git a/httpbin/helpers.py b/httpbin/helpers.py
index 89bef12..e0dcad8 100644
--- a/httpbin/helpers.py
+++ b/httpbin/helpers.py
@@ -329,3 +329,7 @@ def check_digest_auth(user, passwd):
 if credentails.get('response') == response_hash:
 return True
 return False
+
+def secure_cookie():
+ """Return true if cookie should have secure attribute"""
+ return request.environ['wsgi.url_scheme'] == 'https'
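Review bot: In set_cookies the new `secure=secure_cookie()` argument is evaluated inside the `for key, value in cookies.items():` loop, although its result depends only on the current request and cannot change between iterations. Compute it once before the loop, `secure = secure_cookie()`, and pass `secure=secure` to `r.set_cookie`, so that every cookie in the response visibly gets the same decision. The function starts outside the hunk, so this is based only on the lines shown.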
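Review bot: `secure_cookie()` in httpbin/helpers.py decides from `request.environ['wsgi.url_scheme']` alone, and that value describes only the hop that reaches the WSGI server. If the app is deployed behind a TLS-terminating proxy or load balancer (not visible in this patch), the scheme would read 'http' for requests the client made over HTTPS, and the Secure attribute would silently be left off. The docstring should state that dependency, for example `"""Return True if the request reached the WSGI server over HTTPS, so cookies get the Secure attribute; behind a TLS-terminating proxy the scheme must be corrected first (e.g. with ProxyFix)."""`. Werkzeug's `request.is_secure` expresses the same check more idiomatically. The hunk does not show whether `request` is already imported in helpers.py, so that is worth confirming.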