-
-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for setting partitioned cookies #9870
Comments
To be clear, you only need to set the flag when sending cookies? You're not asking for partitioned storage when receiving them (which would be a lot more work)? |
I'm pretty sure this is a problem in Python itself and is fixed in Python 3.13+ Will need to check when I'm back at my desk |
if sys.version_info[:2] < (3, 14):
from http import cookies
# See: https://github.com/python/cpython/issues/112713
cookies.Morsel._reserved["partitioned"] = "partitioned" # type: ignore[attr-defined]
cookies.Morsel._flags.add("partitioned") # type: ignore[attr-defined] That should work as a workaround if you can't upgrade to Python 3.13 |
Looks like python/cpython#112714 didn't actually merge into 3.13 so the guard might need to be |
For setting them, we'd need to add the parameters though: Line 930 in 4adb061
Should be a nice easy PR for anyone wanting to volunteer. |
Yeah, so it is rejected currently:
So, will need that PR merged in cpython before we can do anything here. |
Would it be possible for aiohttp to provide some kind of polyfill/backport of this feature? Waiting for Python 3.14, which comes out next year and will take potentially years to roll out to production servers does not seem ideal. |
Seems like we could include the hack as shown above: #9870 (comment) I think we'd atleast want to know that the upstream PR has been merged and which version it will be released in first though. |
I'm strongly against monkey-patching stdlib for adding new features. Plus, if aiohttp user really need CHIPS we provide low-level I can imagine a workaround for aiohttp itself though. |
We can also just add the parameter without a version check. Then users can do the monkeypatch on older releases if they need it. |
Works for me as well, and much less code to maintain |
Relatedly (too lazy right now to open a separate issue) a response |
Is your feature request related to a problem?
I need to use partitioned cookies to set cookies in contexts where third-party cookies are otherwise restricted.
Describe the solution you'd like
A recent addition to the Set-Cookie header is the ability to mark cookies as partitioned (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#partitioned, https://developer.mozilla.org/en-US/docs/Web/Privacy/Privacy_sandbox/Partitioned_cookies).
StreamResponse.set_cookie
should support setting partitioned cookies, e.g. using apartitioned=True
keyword argument.Describe alternatives you've considered
I can create a 'Set-Cookie' header manually, but would have to figure out edge cases with encoding and escaping special characters myself. This would be inconvenient and probably error-prone.
Related component
Server
Additional context
No response
Code of Conduct
The text was updated successfully, but these errors were encountered: