[issue22796] Support for httponly/secure cookies reintroduced lax parsing behavior

Antoine Pitrou Tue, 04 Nov 2014 10:35:27 -0800

Antoine Pitrou added the comment:

The security issue isn't easy to explain, it involves an elaborated set of 
services (browser, Web site...) each having a slightly different notion of 
cookie parsing to mount an attack allowing to bypass CSRF protection on certain 
Python-powered frameworks. It's from a report made to security@p.o.


----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue22796>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22796] Support for httponly/secure cookies reintroduced lax parsing behavior

Reply via email to