add Response.max_cookie_size config

8 years ago · 1ed756a523
6 changed files with 65 additions and 5 deletions
--- a/CHANGES.rst
+++ b/CHANGES.rst
@ -145,11 +145,14 @@ unreleased
  (`#2635`_)
 - A single trailing slash is stripped from the blueprint ``url_prefix``
  when it is registered with the app. (`#2629`_)
- :meth:`Request.get_json() <flask.Request.get_json>` doesn't cache the
+- :meth:`Request.get_json` doesn't cache the
  result if parsing fails when ``silent`` is true. (`#2651`_)
- :func:`request.get_json <flask.Request.get_json>` no longer accepts
+- :func:`Request.get_json` no longer accepts arbitrary encodings.
-  arbitrary encodings. Incoming JSON should be encoded using UTF-8 per
+  Incoming JSON should be encoded using UTF-8 per :rfc:`8259`, but Flask
-  :rfc:`8259`, but Flask will autodetect UTF-8, -16, or -32. (`#2691`_)
+  will autodetect UTF-8, -16, or -32. (`#2691`_)
 - Added :data:`MAX_COOKIE_SIZE` and :attr:`Response.max_cookie_size` to
  control when Werkzeug warns about large cookies that browsers may
  ignore. (`#2693`_)
 .. _pallets/meta#24: https://github.com/pallets/meta/issues/24
 .. _#1421: https://github.com/pallets/flask/issues/1421
@ -196,6 +199,7 @@ unreleased
 .. _#2629: https://github.com/pallets/flask/pull/2629
 .. _#2651: https://github.com/pallets/flask/issues/2651
 .. _#2691: https://github.com/pallets/flask/pull/2691
 .. _#2693: https://github.com/pallets/flask/pull/2693
 Version 0.12.2
--- a/docs/api.rst
+++ b/docs/api.rst
@ -85,7 +85,7 @@ Response Objects
 ----------------
 .. autoclass:: flask.Response
-   :members: set_cookie, data, mimetype, is_json, get_json
+   :members: set_cookie, max_cookie_size, data, mimetype, is_json, get_json
   .. attribute:: headers
--- a/docs/config.rst
+++ b/docs/config.rst
@ -343,6 +343,12 @@ The following configuration values are used internally by Flask:
    Default: ``False``
 .. py:data:: MAX_COOKIE_SIZE
    Warn if cookie headers are larger than this many bytes. Defaults to
    ``4093``. Larger cookies may be silently ignored by browsers. Set to
    ``0`` to disable the warning.
 .. versionadded:: 0.4
   ``LOGGER_NAME``
@ -381,6 +387,8 @@ The following configuration values are used internally by Flask:
    Added :data:`SESSION_COOKIE_SAMESITE` to control the session
    cookie's ``SameSite`` option.
    Added :data:`MAX_COOKIE_SIZE` to control a warning from Werkzeug.
 Configuring from Files
 ----------------------
--- a/flask/app.py
+++ b/flask/app.py
@ -305,6 +305,7 @@ class Flask(_PackageBoundObject):
        'JSONIFY_PRETTYPRINT_REGULAR':          False,
        'JSONIFY_MIMETYPE':                     'application/json',
        'TEMPLATES_AUTO_RELOAD':                None,
        'MAX_COOKIE_SIZE': 4093,
    })
    #: The rule object to use for URL rules created.  This is used by
--- a/flask/wrappers.py
+++ b/flask/wrappers.py
@ -191,9 +191,26 @@ class Response(ResponseBase, JSONMixin):
    .. versionchanged:: 1.0
        JSON support is added to the response, like the request. This is useful
        when testing to get the test client response data as JSON.
    .. versionchanged:: 1.0
        Added :attr:`max_cookie_size`.
    """
    default_mimetype = 'text/html'
    def _get_data_for_json(self, cache):
        return self.get_data()
    @property
    def max_cookie_size(self):
        """Read-only view of the :data:`MAX_COOKIE_SIZE` config key.
        See :attr:`~werkzeug.wrappers.BaseResponse.max_cookie_size` in
        Werkzeug's docs.
        """
        if current_app:
            return current_app.config['MAX_COOKIE_SIZE']
        # return Werkzeug's default when not in an app context
        return super(Response, self).max_cookie_size
--- a/tests/test_basic.py
+++ b/tests/test_basic.py
@ -1917,3 +1917,33 @@ def test_run_from_config(monkeypatch, host, port, expect_host, expect_port, app)
    monkeypatch.setattr(werkzeug.serving, 'run_simple', run_simple_mock)
    app.config['SERVER_NAME'] = 'pocoo.org:8080'
    app.run(host, port)
 def test_max_cookie_size(app, client, recwarn):
    app.config['MAX_COOKIE_SIZE'] = 100
    # outside app context, default to Werkzeug static value,
    # which is also the default config
    response = flask.Response()
    default = flask.Flask.default_config['MAX_COOKIE_SIZE']
    assert response.max_cookie_size == default
    # inside app context, use app config
    with app.app_context():
        assert flask.Response().max_cookie_size == 100
    @app.route('/')
    def index():
        r = flask.Response('', status=204)
        r.set_cookie('foo', 'bar' * 100)
        return r
    client.get('/')
    assert len(recwarn) == 1
    w = recwarn.pop()
    assert 'cookie is too large' in str(w.message)
    app.config['MAX_COOKIE_SIZE'] = 0
    client.get('/')
    assert len(recwarn) == 0