diff --git a/falcon/response.py b/falcon/response.py index affd036..b5d1b2a 100644 --- a/falcon/response.py +++ b/falcon/response.py @@ -146,7 +146,7 @@ class Response(object): self.stream_len = stream_len def set_cookie(self, name, value, expires=None, max_age=None, - domain=None, path=None, secure=True, httponly=True): + domain=None, path=None, secure=True, http_only=True): """Set a response cookie. Note: @@ -177,8 +177,8 @@ class Response(object): server whenever it sends back this cookie. Warning: You will also need to enforce HTTPS for the cookies to be transfered securely. - httponly (bool) (default: True): - The attribute httponly specifies that the cookie + http_only (bool) (default: True): + The attribute http_only specifies that the cookie is only transferred in HTTP requests, and is not accessible through JavaScript. This is intended to mitigate some forms of cross-site scripting. @@ -241,8 +241,8 @@ class Response(object): if secure: self._cookies[name]["secure"] = secure - if httponly: - self._cookies[name]["httponly"] = httponly + if http_only: + self._cookies[name]["httponly"] = http_only def unset_cookie(self, name): """Unset a cookie from the response diff --git a/falcon/response_helpers.py b/falcon/response_helpers.py index 84f778e..fd09504 100644 --- a/falcon/response_helpers.py +++ b/falcon/response_helpers.py @@ -11,7 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -import six def header_property(name, doc, transform=None): 
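Review bot: The renamed `http_only` keyword on `set_cookie` (falcon/response.py, first hunk; the docstring and the `if http_only:` guard in the second and third hunks follow it) is a breaking change for any caller still passing `httponly=...`. With the signature shown, such a call raises TypeError rather than silently dropping the flag, which is the safe way to fail, but if this method has already been released a deprecation alias or a changelog entry would be worth adding. The docstring could also be more precise about what the flag buys: `http_only (bool) (default: True): Set the HttpOnly attribute so browsers keep the cookie out of reach of JavaScript; this limits cookie theft via XSS but does not prevent XSS itself.` The body of set_cookie is only partly visible in these hunks.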
@@ -64,15 +63,18 @@ def format_range(value):
 def is_ascii_encodable(s): # pragma: no cover
- """ check if argument encodes to ascii without error
- """
- if isinstance(s, six.text_type):
- try:
- s.encode("ascii")
- return True
- except UnicodeEncodeError:
- return False
- elif six.PY2 and isinstance(s, str):
- return True
- else:
- raise ValueError("argument was not a string type")
+ """Check if argument encodes to ascii without error."""
+ try:
+ s.encode("ascii")
+ except UnicodeEncodeError:
+ # NOTE(tbug): Py2 and Py3 will raise this if string contained
+ # chars that could not be ascii encoded
+ return False
+ except UnicodeDecodeError:
+ # NOTE(tbug): py2 will raise this if type is str
+ # and contains non-ascii chars
+ return False
+ except AttributeError:
+ # NOTE(tbug): s is probably not a string type
+ return False
+ return True
diff --git a/tests/test_cookies.py b/tests/test_cookies.py
index ae4fe2d..e98d666 100644
--- a/tests/test_cookies.py
+++ b/tests/test_cookies.py
@@ -29,18 +29,18 @@ class CookieResource:
 def on_head(self, req, resp):
 resp.set_cookie("foo", "bar", max_age=300)
- resp.set_cookie("bar", "baz", httponly=False)
+ resp.set_cookie("bar", "baz", http_only=False)
 resp.set_cookie("bad", "cookie")
 resp.unset_cookie("bad")
 def on_post(self, req, resp):
 e = datetime(year=2050, month=1, day=1) # naive
- resp.set_cookie("foo", "bar", httponly=False, secure=False, expires=e)
+ resp.set_cookie("foo", "bar", http_only=False, secure=False, expires=e)
 resp.unset_cookie("bad")
 def on_put(self, req, resp):
 e = datetime(year=2050, month=1, day=1, tzinfo=GMT_PLUS_ONE) # aware
- resp.set_cookie("foo", "bar", httponly=False, secure=False, expires=e)
+ resp.set_cookie("foo", "bar", http_only=False, secure=False, expires=e)
 resp.unset_cookie("bad")
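Review bot: In `is_ascii_encodable` (falcon/response_helpers.py) a non-string argument now returns False where the old code raised ValueError, and on Python 3 a `bytes` value takes the same AttributeError path even when it is pure ASCII. If callers use this to validate header or cookie text (not visible here), they need to treat False as a rejection rather than rely on the exception; the docstring should state the new contract, e.g. `"""Return True if s.encode("ascii") succeeds; return False for non-ASCII text and for objects without encode()."""`. The three handlers all return False and could be collapsed to `except (UnicodeEncodeError, UnicodeDecodeError, AttributeError): return False` with the NOTE comments kept above it. The function also keeps `# pragma: no cover`, so the new branches are excluded from coverage and no test for them appears in this commit.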