Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hard error on invalid max-age cookie #1810

Closed
jamesstidard opened this issue Mar 18, 2020 · 4 comments · Fixed by #2001
Closed

Hard error on invalid max-age cookie #1810

jamesstidard opened this issue Mar 18, 2020 · 4 comments · Fixed by #2001
Labels
bug

Comments

@jamesstidard
Copy link
Contributor

jamesstidard commented Mar 18, 2020
edited
Loading

Describe the bug
Currently when setting the max-age cookie value, it's possible for a valid value to not be set as expected, as well as an invalid value from raising a hard error. In both cases the values are replaced by a 0 max-age.

Code snippet

response.cookie["my-cookie"]["max-age"] = 10.0  # max-age is set to 0
response.cookie["my-cookie"]["max-age"] = 10.5  # max-age is set to 0
response.cookie["my-cookie"]["max-age"] = "ten"  # max-age is set to 0
response.cookie["my-cookie"]["max-age"] = "10"  # max-age is set to 10
response.cookie["my-cookie"]["max-age"] = 10  # max-age is set to 10

Expected behavior
Here's what I think the expected behaviour should be (akin to how the expires cookie attribute is handled; raising an error if not a datetime.datetime).

response.cookie["my-cookie"]["max-age"] = 10.0  # max-age is set to 10
response.cookie["my-cookie"]["max-age"] = 10.5  # raise ValueError
response.cookie["my-cookie"]["max-age"] = "ten"  # raise ValueError
response.cookie["my-cookie"]["max-age"] = "10"  # max-age is set to 10
response.cookie["my-cookie"]["max-age"] = 10  # max-age is set to 10

Environment (please complete the following information):

  • OS: macOS
  • Version 19.12.2

Additional context
I've created a pull request for this here #1809. Here's the issue relating to the original implementation #1452.

Creating this issue so I can have an issue number for the changelog.
@jamesstidard jamesstidard mentioned this issue Mar 18, 2020
Closed
@stale
Copy link

stale bot commented Jun 16, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If this is incorrect, please respond with an update. Thank you for your contributions.

@stale stale bot added the stale label Jun 16, 2020
@stale stale bot closed this as completed Jul 18, 2020
@ahopkins ahopkins added bug and removed stale labels Jul 19, 2020
@ahopkins ahopkins reopened this Jul 19, 2020
@myusko
Copy link
Contributor

myusko commented Aug 19, 2020

@ahopkins Should we close the ticket? looks like #1457 was fixed the issue.

@ahopkins
Copy link
Member

Let's investigate. That PR was several years ago. There was a change to cookies not that long ago, maybe it is a regression? Let's confirm this on both sanic server and ASGI. I'm not at the computer now to check if there are tests for this already or not.

@myusko
Copy link
Contributor

myusko commented Aug 20, 2020

Looks like for the server we have the tests, but for ASGI don't have.

@ahopkins ahopkins mentioned this issue Jan 11, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Raise ValueError when cookie max-age is not an integer sanic-org/sanic
3 participants
@ahopkins @jamesstidard @myusko