
Merge pull request #2693 from davidism/max-cookie-size

add Response.max_cookie_size config
pull/2697/head
David Lord 7 years ago committed by GitHub
parent
commit
d8bf589d48
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 12
      CHANGES.rst
  2. 2
      docs/api.rst
  3. 8
      docs/config.rst
  4. 1
      flask/app.py
  5. 17
      flask/wrappers.py
  6. 30
      tests/test_basic.py

12
CHANGES.rst

@ -145,11 +145,14 @@ unreleased
(`#2635`_) (`#2635`_)
- A single trailing slash is stripped from the blueprint ``url_prefix`` - A single trailing slash is stripped from the blueprint ``url_prefix``
when it is registered with the app. (`#2629`_) when it is registered with the app. (`#2629`_)
- :meth:`Request.get_json() <flask.Request.get_json>` doesn't cache the - :meth:`Request.get_json` doesn't cache the
result if parsing fails when ``silent`` is true. (`#2651`_) result if parsing fails when ``silent`` is true. (`#2651`_)
- :func:`request.get_json <flask.Request.get_json>` no longer accepts - :func:`Request.get_json` no longer accepts arbitrary encodings.
arbitrary encodings. Incoming JSON should be encoded using UTF-8 per Incoming JSON should be encoded using UTF-8 per :rfc:`8259`, but Flask
:rfc:`8259`, but Flask will autodetect UTF-8, -16, or -32. (`#2691`_) will autodetect UTF-8, -16, or -32. (`#2691`_)
- Added :data:`MAX_COOKIE_SIZE` and :attr:`Response.max_cookie_size` to
control when Werkzeug warns about large cookies that browsers may
ignore. (`#2693`_)
.. _pallets/meta#24: https://github.com/pallets/meta/issues/24 .. _pallets/meta#24: https://github.com/pallets/meta/issues/24
.. _#1421: https://github.com/pallets/flask/issues/1421 .. _#1421: https://github.com/pallets/flask/issues/1421
@ -196,6 +199,7 @@ unreleased
.. _#2629: https://github.com/pallets/flask/pull/2629 .. _#2629: https://github.com/pallets/flask/pull/2629
.. _#2651: https://github.com/pallets/flask/issues/2651 .. _#2651: https://github.com/pallets/flask/issues/2651
.. _#2691: https://github.com/pallets/flask/pull/2691 .. _#2691: https://github.com/pallets/flask/pull/2691
.. _#2693: https://github.com/pallets/flask/pull/2693
Version 0.12.2 Version 0.12.2

2
docs/api.rst

@ -85,7 +85,7 @@ Response Objects
---------------- ----------------
.. autoclass:: flask.Response .. autoclass:: flask.Response
:members: set_cookie, data, mimetype, is_json, get_json :members: set_cookie, max_cookie_size, data, mimetype, is_json, get_json
.. attribute:: headers .. attribute:: headers

8
docs/config.rst

@ -343,6 +343,12 @@ The following configuration values are used internally by Flask:
Default: ``False`` Default: ``False``
.. py:data:: MAX_COOKIE_SIZE
Warn if cookie headers are larger than this many bytes. Defaults to
``4093``. Larger cookies may be silently ignored by browsers. Set to
``0`` to disable the warning.
.. versionadded:: 0.4 .. versionadded:: 0.4
``LOGGER_NAME`` ``LOGGER_NAME``
@ -381,6 +387,8 @@ The following configuration values are used internally by Flask:
Added :data:`SESSION_COOKIE_SAMESITE` to control the session Added :data:`SESSION_COOKIE_SAMESITE` to control the session
cookie's ``SameSite`` option. cookie's ``SameSite`` option.
Added :data:`MAX_COOKIE_SIZE` to control a warning from Werkzeug.
Configuring from Files Configuring from Files
---------------------- ----------------------

1
flask/app.py

@ -305,6 +305,7 @@ class Flask(_PackageBoundObject):
'JSONIFY_PRETTYPRINT_REGULAR': False, 'JSONIFY_PRETTYPRINT_REGULAR': False,
'JSONIFY_MIMETYPE': 'application/json', 'JSONIFY_MIMETYPE': 'application/json',
'TEMPLATES_AUTO_RELOAD': None, 'TEMPLATES_AUTO_RELOAD': None,
'MAX_COOKIE_SIZE': 4093,
}) })
#: The rule object to use for URL rules created. This is used by #: The rule object to use for URL rules created. This is used by
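Review bot: `'MAX_COOKIE_SIZE': 4093` is a bare literal with no indication of where the number comes from. The comment in the new test says it is meant to equal Werkzeug's static default, so a short comment such as `# same as Werkzeug's default; browsers may ignore larger cookies` would tell maintainers to keep the two in step. The `default_config` dict starts outside this hunk.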

17
flask/wrappers.py

@ -191,9 +191,26 @@ class Response(ResponseBase, JSONMixin):
.. versionchanged:: 1.0 .. versionchanged:: 1.0
JSON support is added to the response, like the request. This is useful JSON support is added to the response, like the request. This is useful
when testing to get the test client response data as JSON. when testing to get the test client response data as JSON.
.. versionchanged:: 1.0
Added :attr:`max_cookie_size`.
""" """
default_mimetype = 'text/html' default_mimetype = 'text/html'
def _get_data_for_json(self, cache): def _get_data_for_json(self, cache):
return self.get_data() return self.get_data()
@property
def max_cookie_size(self):
"""Read-only view of the :data:`MAX_COOKIE_SIZE` config key.
See :attr:`~werkzeug.wrappers.BaseResponse.max_cookie_size` in
Werkzeug's docs.
"""
if current_app:
return current_app.config['MAX_COOKIE_SIZE']
# return Werkzeug's default when not in an app context
return super(Response, self).max_cookie_size
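Review bot: The `max_cookie_size` docstring does not say that the value is only a warning threshold, so a reader of the API docs could take it for an enforced limit. Per the config docs added in this commit, Werkzeug only warns when a cookie header is larger and `0` disables the check; I would add a sentence such as `Cookies over this size are still sent; Werkzeug only emits a warning, and 0 disables it.` Because the property defines no setter, assigning to `max_cookie_size` on a response instance will raise `AttributeError`, so the docstring could also say that the value is changed through the app config. The `Response` class starts outside this hunk.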

30
tests/test_basic.py

@ -1917,3 +1917,33 @@ def test_run_from_config(monkeypatch, host, port, expect_host, expect_port, app)
monkeypatch.setattr(werkzeug.serving, 'run_simple', run_simple_mock) monkeypatch.setattr(werkzeug.serving, 'run_simple', run_simple_mock)
app.config['SERVER_NAME'] = 'pocoo.org:8080' app.config['SERVER_NAME'] = 'pocoo.org:8080'
app.run(host, port) app.run(host, port)
def test_max_cookie_size(app, client, recwarn):
app.config['MAX_COOKIE_SIZE'] = 100
# outside app context, default to Werkzeug static value,
# which is also the default config
response = flask.Response()
default = flask.Flask.default_config['MAX_COOKIE_SIZE']
assert response.max_cookie_size == default
# inside app context, use app config
with app.app_context():
assert flask.Response().max_cookie_size == 100
@app.route('/')
def index():
r = flask.Response('', status=204)
r.set_cookie('foo', 'bar' * 100)
return r
client.get('/')
assert len(recwarn) == 1
w = recwarn.pop()
assert 'cookie is too large' in str(w.message)
app.config['MAX_COOKIE_SIZE'] = 0
client.get('/')
assert len(recwarn) == 0
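Review bot: `assert len(recwarn) == 1` and `assert len(recwarn) == 0` count every warning recorded during the request, so an unrelated warning (a deprecation from a dependency, for example) would fail the test for the wrong reason. Matching on the message is more robust, e.g. `assert any('cookie is too large' in str(w.message) for w in recwarn)`, with `recwarn.clear()` before the second request and the negated check after it. The test also sets only a cookie far above the limit, so an off-by-one at the threshold would go unnoticed; a case at or just under `MAX_COOKIE_SIZE` would cover it.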
