Merge pull request #2693 from davidism/max-cookie-size

add Response.max_cookie_size config
David Lord 2018-04-10 11:26:15 -07:00 committed by GitHub
commit d8bf589d48
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 65 additions and 5 deletions


@ -145,11 +145,14 @@ unreleased
(`#2635`_) (`#2635`_)
- A single trailing slash is stripped from the blueprint ``url_prefix`` - A single trailing slash is stripped from the blueprint ``url_prefix``
when it is registered with the app. (`#2629`_) when it is registered with the app. (`#2629`_)
- :meth:`Request.get_json() <flask.Request.get_json>` doesn't cache the - :meth:`Request.get_json` doesn't cache the
result if parsing fails when ``silent`` is true. (`#2651`_) result if parsing fails when ``silent`` is true. (`#2651`_)
- :func:`request.get_json <flask.Request.get_json>` no longer accepts - :func:`Request.get_json` no longer accepts arbitrary encodings.
arbitrary encodings. Incoming JSON should be encoded using UTF-8 per Incoming JSON should be encoded using UTF-8 per :rfc:`8259`, but Flask
:rfc:`8259`, but Flask will autodetect UTF-8, -16, or -32. (`#2691`_) will autodetect UTF-8, -16, or -32. (`#2691`_)
- Added :data:`MAX_COOKIE_SIZE` and :attr:`Response.max_cookie_size` to
control when Werkzeug warns about large cookies that browsers may
ignore. (`#2693`_)
.. _pallets/meta#24: https://github.com/pallets/meta/issues/24 .. _pallets/meta#24: https://github.com/pallets/meta/issues/24
.. _#1421: https://github.com/pallets/flask/issues/1421 .. _#1421: https://github.com/pallets/flask/issues/1421
@ -196,6 +199,7 @@ unreleased
.. _#2629: https://github.com/pallets/flask/pull/2629 .. _#2629: https://github.com/pallets/flask/pull/2629
.. _#2651: https://github.com/pallets/flask/issues/2651 .. _#2651: https://github.com/pallets/flask/issues/2651
.. _#2691: https://github.com/pallets/flask/pull/2691 .. _#2691: https://github.com/pallets/flask/pull/2691
.. _#2693: https://github.com/pallets/flask/pull/2693
Version 0.12.2 Version 0.12.2


@ -85,7 +85,7 @@ Response Objects
---------------- ----------------
.. autoclass:: flask.Response .. autoclass:: flask.Response
:members: set_cookie, data, mimetype, is_json, get_json :members: set_cookie, max_cookie_size, data, mimetype, is_json, get_json
.. attribute:: headers .. attribute:: headers


@ -343,6 +343,12 @@ The following configuration values are used internally by Flask:
Default: ``False`` Default: ``False``
.. py:data:: MAX_COOKIE_SIZE
Warn if cookie headers are larger than this many bytes. Defaults to
``4093``. Larger cookies may be silently ignored by browsers. Set to
``0`` to disable the warning.
.. versionadded:: 0.4 .. versionadded:: 0.4
``LOGGER_NAME`` ``LOGGER_NAME``
@ -381,6 +387,8 @@ The following configuration values are used internally by Flask:
Added :data:`SESSION_COOKIE_SAMESITE` to control the session Added :data:`SESSION_COOKIE_SAMESITE` to control the session
cookie's ``SameSite`` option. cookie's ``SameSite`` option.
Added :data:`MAX_COOKIE_SIZE` to control a warning from Werkzeug.
Configuring from Files Configuring from Files
---------------------- ----------------------


@ -305,6 +305,7 @@ class Flask(_PackageBoundObject):
'JSONIFY_PRETTYPRINT_REGULAR': False, 'JSONIFY_PRETTYPRINT_REGULAR': False,
'JSONIFY_MIMETYPE': 'application/json', 'JSONIFY_MIMETYPE': 'application/json',
'TEMPLATES_AUTO_RELOAD': None, 'TEMPLATES_AUTO_RELOAD': None,
'MAX_COOKIE_SIZE': 4093,
}) })
#: The rule object to use for URL rules created. This is used by #: The rule object to use for URL rules created. This is used by
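Review bot: The new `'MAX_COOKIE_SIZE': 4093` entry is a bare magic number, and nothing at this site says where 4093 comes from or that it is meant to stay equal to the value Werkzeug applies when no app context is active (the new test asserts the two are the same). A trailing comment would save the next maintainer a lookup: `'MAX_COOKIE_SIZE': 4093,  # keep equal to Werkzeug's BaseResponse.max_cookie_size default; 0 disables the warning`. The `default_config` assignment this entry belongs to starts above the hunk.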


@ -191,9 +191,26 @@ class Response(ResponseBase, JSONMixin):
.. versionchanged:: 1.0 .. versionchanged:: 1.0
JSON support is added to the response, like the request. This is useful JSON support is added to the response, like the request. This is useful
when testing to get the test client response data as JSON. when testing to get the test client response data as JSON.
.. versionchanged:: 1.0
Added :attr:`max_cookie_size`.
""" """
default_mimetype = 'text/html' default_mimetype = 'text/html'
def _get_data_for_json(self, cache): def _get_data_for_json(self, cache):
return self.get_data() return self.get_data()
@property
def max_cookie_size(self):
"""Read-only view of the :data:`MAX_COOKIE_SIZE` config key.
See :attr:`~werkzeug.wrappers.BaseResponse.max_cookie_size` in
Werkzeug's docs.
"""
if current_app:
return current_app.config['MAX_COOKIE_SIZE']
# return Werkzeug's default when not in an app context
return super(Response, self).max_cookie_size
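Review bot: The docstring of the new `max_cookie_size` property calls it a read-only view of the config key but leaves the two facts a caller of `set_cookie` would want to an inline comment and to docs/config.rst: outside an application context the value falls back to Werkzeug's class default, and `0` turns the large-cookie warning off. I would add both to the docstring after the first sentence: `Outside an application context this falls back to Werkzeug's default. A value of ``0`` disables the warning.` The class docstring now carries two consecutive `.. versionchanged:: 1.0` blocks (JSON support, then this attribute); merging them into one block reads better. The lookup `current_app.config['MAX_COOKIE_SIZE']` assumes the key exists, which holds for apps built from `default_config` but would raise `KeyError` for a subclass that replaces `default_config` without it — presumably acceptable given other keys are read the same way, but worth knowing. The `Response` class starts above the hunk.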


@ -1917,3 +1917,33 @@ def test_run_from_config(monkeypatch, host, port, expect_host, expect_port, app)
monkeypatch.setattr(werkzeug.serving, 'run_simple', run_simple_mock) monkeypatch.setattr(werkzeug.serving, 'run_simple', run_simple_mock)
app.config['SERVER_NAME'] = 'pocoo.org:8080' app.config['SERVER_NAME'] = 'pocoo.org:8080'
app.run(host, port) app.run(host, port)
def test_max_cookie_size(app, client, recwarn):
app.config['MAX_COOKIE_SIZE'] = 100
# outside app context, default to Werkzeug static value,
# which is also the default config
response = flask.Response()
default = flask.Flask.default_config['MAX_COOKIE_SIZE']
assert response.max_cookie_size == default
# inside app context, use app config
with app.app_context():
assert flask.Response().max_cookie_size == 100
@app.route('/')
def index():
r = flask.Response('', status=204)
r.set_cookie('foo', 'bar' * 100)
return r
client.get('/')
assert len(recwarn) == 1
w = recwarn.pop()
assert 'cookie is too large' in str(w.message)
app.config['MAX_COOKIE_SIZE'] = 0
client.get('/')
assert len(recwarn) == 0
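Review bot: `test_max_cookie_size` covers the over-limit and disabled cases but not the one that distinguishes a threshold from a blanket warning: with `MAX_COOKIE_SIZE` still 100, a request setting a small cookie should leave `recwarn` empty, and nothing here checks that. A second route (or a parametrised cookie value) exercised before the `== 0` section would close that gap. The assertion `'cookie is too large' in str(w.message)` pins Werkzeug's wording, so an upstream rewording would fail this test although Flask's behaviour is unchanged; asserting on the warning category as well would be less brittle, if the category Werkzeug uses is known. Finally, the closing `assert len(recwarn) == 0` only holds because the earlier `recwarn.pop()` emptied the recorder, which deserves a short comment such as `# recwarn is empty here because pop() consumed the earlier warning`.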