Sanic: Enforce Date Type for Expires on Set-Cookie

Created on 2 Jan 2019  ·  5Comments  ·  Source: sanic-org/sanic

Description

As per the HTTP standard guidelines, the Expires parameter of the Set-Cookie needs to be a date in the format specified by the RFC 7231 as shown in Mozilla Dev Guide

Current encode method in sanic's Cookie class though enforces this standard, it will also allow you to set any item as a valid value via an exception catcher block.

Reference

  1. encode method in Cookie class
  2. Community Discussion Thread

Expected Behavior

Only a valid datetime object that can be converted into a RFC standard date needs to be taken as a valid item

beginner enhancement help wanted
Source
picture harshanarayana
👍1

All 5 comments

@harshanarayana What about a string with valid format?

Related test:
https://github.com/huge-success/sanic/blob/cea1547e08230b6ad49eb7777fd8db5335382b7a/tests/test_cookies.py#L159-L181

chenjr0719 picture chenjr0719 on 3 Jan 2019

@chenjr0719 ATM, the only way I can think of to enforce the string date format to be compliant with RCF would be via the strptime method. But is it even required to support the date in string format here? I personally think having just datetime support should be fine. But @huge-success/sanic-core-devs can pitch in and suggest maybe?

harshanarayana picture harshanarayana on 3 Jan 2019

Seems like an extra check during the request/response cycle for a relatively unimportant edge case.

ahopkins picture ahopkins on 3 Jan 2019

Is anybody currently working on this? I would like to work on this issue.

LTMenezes picture LTMenezes on 18 Jan 2019
👍1

@LTMenezes The job is yours!🤘

ahopkins picture ahopkins on 18 Jan 2019
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

misakar picture misakar  ·  4Comments
ubergarm picture ubergarm  ·  4Comments
woutor picture woutor  ·  3Comments
eseglem picture eseglem  ·  4Comments
olalonde picture olalonde  ·  3Comments