Add support for partitioned cookies #2196
Conversation
rawleyfowler
changed the title
kraih
requested review from
a team,
marcusramberg,
kraih,
christopherraa and
Grinnz
|
We could also mark this as experimental, though it is implemented in most browsers. |
|
This pull request is now in conflicts. Could you fix it @rawleyfowler? 🙏 |
|
This pull request is now in conflicts. Could you fix it @rawleyfowler? 🙏 |
rawleyfowler
changed the title
|
Plack recently merged this into |
|
Yes, since this is only a draft spec we have to mark it experimental. |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
|
@kraih Thanks for the review, they've been fixed. |
There was a problem hiding this comment.
Pull Request Overview
Adds support for the new Partitioned cookie attribute to both core cookie handling and session cookies, and updates tests to cover the new behavior.
- Extend
Mojo::Cookie::Responseparsing, serialization, and docs withpartitioned - Add
partitionedflag toMojolicious::Sessionsand include it in Set-Cookie options - Update tests in
t/mojo/cookie.tto coverPartitionedoutput and parsing
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| t/mojo/cookie.t | Added calls to partitioned(1) and new subtest for parsing |
| lib/Mojolicious/Sessions.pm | Introduced partitioned attribute in constructor, store logic, and docs |
| lib/Mojo/Cookie/Response.pm | Added partitioned to has, parsing map, to_string, and docs |
Comments suppressed due to low confidence (1)
lib/Mojolicious/Sessions.pm:58
- Consider adding tests to verify that the
partitionedflag on session cookies results in thePartitionedattribute being set in theSet-Cookieheader.
partitioned => $self->partitioned,
| my $partitioned = $cookie->partitioned; | ||
| $cookie = $cookie->partitioned(1); | ||
|
|
||
| Partitioned flag, this is to be used in accordance to the CHIPS ammendment to RFC 6265. |
There was a problem hiding this comment.
Typo: 'ammendment' should be 'amendment' for accuracy in the documentation.
| Partitioned flag, this is to be used in accordance to the CHIPS ammendment to RFC 6265. | |
| Partitioned flag, this is to be used in accordance to the CHIPS amendment to RFC 6265. |
Copilot uses AI. Check for mistakes.
Summary
Firefox is soon going to ignore third-party aka "foreign" aka
SameSite: NoneMotivation
These changes allow Mojolicious to handle the new "Partitioned" attribute, as well as adding the ability to set
PartitionedonMojolicious::Sessionscookies.References
https://www.ietf.org/archive/id/draft-cutler-httpbis-partitioned-cookies-00.html
https://github.com/privacycg/CHIPS
fixes #2179