3 changes: 3 additions & 0 deletions README.rst
Expand Up @@ -233,6 +233,9 @@ The follow options applies to the cookie-based authentication policy:
| https_only | jwt.https_only_cookie | True | Whether or not the token should only be |
| | | | sent through a secure HTTPS transport |
+----------------+---------------------------+---------------+--------------------------------------------+
| samesite | jwt.samesite | one | Set the 'SameSite' attribute of the cookie |
| | | | can be 'strict', 'lax', 'none' |
+----------------+---------------------------+---------------+--------------------------------------------+
| reissue_time | jwt.cookie_reissue_time | None | Number of seconds (or a datetime.timedelta |
| | | | instance) before a cookie (and the token |
| | | | within it) is reissued |
4 changes: 4 additions & 0 deletions src/pyramid_jwt/__init__.py
Expand Up @@ -94,6 +94,7 @@ def set_jwt_cookie_authentication_policy(
audience=None,
cookie_name=None,
https_only=True,
samesite=None,
reissue_time=None,
cookie_path=None,
):
reissue_time = reissue_time or settings.get("jwt.cookie_reissue_time")
if https_only is None:
https_only = settings.get("jwt.https_only_cookie", True)
if samesite is None:
samesite = settings.get("jwt.samesite", None)

auth_policy = create_jwt_authentication_policy(
config,
cookie_name=cookie_name,
https_only=https_only,
reissue_time=reissue_time,
samesite=samesite,
cookie_path=cookie_path,
)

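Review bot: `samesite = settings.get("jwt.samesite", None)` passes the raw .ini string through with no validation or case normalisation, so a value such as `None` or `Strict`, or a plain typo, reaches CookieProfile unchanged, and whether that is rejected or silently emitted as an attribute the browser ignores depends on the WebOb version in use. The README row added in this PR documents the accepted values as 'strict', 'lax', 'none', so either lower-casing here (`samesite = samesite.lower() if samesite else None`) or stating the accepted values in the set_jwt_cookie_authentication_policy docstring would make a misconfiguration visible at startup rather than at login. The trailing `, None` in `settings.get("jwt.samesite", None)` is already the default and can be dropped, matching the `reissue_time` lookup two lines above. The README table's default cell for this row appears to read `one` while the code defaults to `None`; worth checking that row. The function body starts and ends outside the hunks.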
3 changes: 3 additions & 0 deletions src/pyramid_jwt/policy.py
Expand Up @@ -170,6 +170,7 @@ def __init__(
audience=None,
cookie_name=None,
https_only=True,
samesite=None,
reissue_time=None,
cookie_path=None,
):
)

self.https_only = https_only
self.samesite = samesite
self.cookie_name = cookie_name or "Authorization"
self.max_age = self.expiration and self.expiration.total_seconds()

self.cookie_profile = CookieProfile(
cookie_name=self.cookie_name,
secure=self.https_only,
samesite=self.samesite,
max_age=self.max_age,
httponly=True,
path=cookie_path,
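Review bot: `self.samesite = samesite` is stored and forwarded to CookieProfile without being checked against `https_only`, yet a cookie carrying SameSite=None without the Secure flag is dropped by modern browsers, so `samesite='none'` combined with `https_only=False` yields a token cookie that is never sent back, which is the very configuration a cross-site deployment would reach for. Suggest failing fast right after the assignment: `if samesite is not None and samesite.lower() == "none" and not https_only: raise ValueError("samesite='none' requires https_only=True")`. A whitelist check against 'strict'/'lax'/'none' at the same spot would also stop a typo from degrading to a cookie with no SameSite attribute at all, regardless of what the installed WebOb does with unknown strings. The `__init__` body starts and ends outside the hunks.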