-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[stdlib] make cookies module modern #17116
Conversation
see also https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
https://tools.ietf.org/html/draft-west-cookie-incrementalism-00 |
Co-authored-by: hlaaftana <[email protected]>
SameSite* {.pure.} = enum ## The SameSite cookie attribute. | ||
## `Default` means that `setCookie` | ||
## proc will not set `SameSite` attribute. | ||
Default, None, Lax, Strict |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
std/compilesettings uses lower-case enum values, this is inconsistent; we should specify in nep1 which one is the "best practice"
followup: timotheecour#622 (comment)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
## Creates a command in the format of | ||
## ``Set-Cookie: key=value; Domain=...; ...`` | ||
return setCookie(key, value, domain, path, | ||
## `Set-Cookie: key=value; Domain=...; ...` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
pre-existing but this overload (with differently placed params) seems like a bad design, instead we should expose a proc (eg toGmtString(t: DateTime|Time)
and let users call:
setCookie(..., t.toGmtString, ...)
* update cookies module * introduce sameSite.Default Co-authored-by: hlaaftana <[email protected]>
* update cookies module * introduce sameSite.Default Co-authored-by: hlaaftana <[email protected]>
Ref #10604
std/cookies
is not good enough, people are keeping creating a new one.https://github.com/dom96/jester/blob/master/jester/private/utils.nim
https://github.com/planety/cookiejar
https://github.com/itsumura-h/nim-basolato/blob/master/src/basolato/core/utils.nim
https://github.com/achesak/nim-biscuits#about
BTW Python has deprecated
cgi
module at Python 3.8 and will removecgi
module at Python 3.10.93.25% of browsers support sameSite attribute.
https://caniuse.com/?search=sameSite