Browse Source

Merge pull request #2693 from davidism/max-cookie-size

add Response.max_cookie_size config
pull/2697/head
David Lord 7 years ago committed by GitHub
parent
commit
d8bf589d48
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 12
      CHANGES.rst
  2. 2
      docs/api.rst
  3. 8
      docs/config.rst
  4. 1
      flask/app.py
  5. 17
      flask/wrappers.py
  6. 30
      tests/test_basic.py

12
CHANGES.rst

@ -145,11 +145,14 @@ unreleased
(`#2635`_)
- A single trailing slash is stripped from the blueprint ``url_prefix``
when it is registered with the app. (`#2629`_)
- :meth:`Request.get_json() <flask.Request.get_json>` doesn't cache the
- :meth:`Request.get_json` doesn't cache the
result if parsing fails when ``silent`` is true. (`#2651`_)
- :func:`request.get_json <flask.Request.get_json>` no longer accepts
arbitrary encodings. Incoming JSON should be encoded using UTF-8 per
:rfc:`8259`, but Flask will autodetect UTF-8, -16, or -32. (`#2691`_)
- :func:`Request.get_json` no longer accepts arbitrary encodings.
Incoming JSON should be encoded using UTF-8 per :rfc:`8259`, but Flask
will autodetect UTF-8, -16, or -32. (`#2691`_)
- Added :data:`MAX_COOKIE_SIZE` and :attr:`Response.max_cookie_size` to
control when Werkzeug warns about large cookies that browsers may
ignore. (`#2693`_)
.. _pallets/meta#24: https://github.com/pallets/meta/issues/24
.. _#1421: https://github.com/pallets/flask/issues/1421
@ -196,6 +199,7 @@ unreleased
.. _#2629: https://github.com/pallets/flask/pull/2629
.. _#2651: https://github.com/pallets/flask/issues/2651
.. _#2691: https://github.com/pallets/flask/pull/2691
.. _#2693: https://github.com/pallets/flask/pull/2693
Version 0.12.2

2
docs/api.rst

@ -85,7 +85,7 @@ Response Objects
----------------
.. autoclass:: flask.Response
:members: set_cookie, data, mimetype, is_json, get_json
:members: set_cookie, max_cookie_size, data, mimetype, is_json, get_json
.. attribute:: headers

8
docs/config.rst

@ -343,6 +343,12 @@ The following configuration values are used internally by Flask:
Default: ``False``
.. py:data:: MAX_COOKIE_SIZE
Warn if cookie headers are larger than this many bytes. Defaults to
``4093``. Larger cookies may be silently ignored by browsers. Set to
``0`` to disable the warning.
.. versionadded:: 0.4
``LOGGER_NAME``
@ -381,6 +387,8 @@ The following configuration values are used internally by Flask:
Added :data:`SESSION_COOKIE_SAMESITE` to control the session
cookie's ``SameSite`` option.
Added :data:`MAX_COOKIE_SIZE` to control a warning from Werkzeug.
Configuring from Files
----------------------

1
flask/app.py

@ -305,6 +305,7 @@ class Flask(_PackageBoundObject):
'JSONIFY_PRETTYPRINT_REGULAR': False,
'JSONIFY_MIMETYPE': 'application/json',
'TEMPLATES_AUTO_RELOAD': None,
'MAX_COOKIE_SIZE': 4093,
})
#: The rule object to use for URL rules created. This is used by

17
flask/wrappers.py

@ -191,9 +191,26 @@ class Response(ResponseBase, JSONMixin):
.. versionchanged:: 1.0
JSON support is added to the response, like the request. This is useful
when testing to get the test client response data as JSON.
.. versionchanged:: 1.0
Added :attr:`max_cookie_size`.
"""
default_mimetype = 'text/html'
def _get_data_for_json(self, cache):
return self.get_data()
@property
def max_cookie_size(self):
"""Read-only view of the :data:`MAX_COOKIE_SIZE` config key.
See :attr:`~werkzeug.wrappers.BaseResponse.max_cookie_size` in
Werkzeug's docs.
"""
if current_app:
return current_app.config['MAX_COOKIE_SIZE']
# return Werkzeug's default when not in an app context
return super(Response, self).max_cookie_size

30
tests/test_basic.py

@ -1917,3 +1917,33 @@ def test_run_from_config(monkeypatch, host, port, expect_host, expect_port, app)
monkeypatch.setattr(werkzeug.serving, 'run_simple', run_simple_mock)
app.config['SERVER_NAME'] = 'pocoo.org:8080'
app.run(host, port)
def test_max_cookie_size(app, client, recwarn):
app.config['MAX_COOKIE_SIZE'] = 100
# outside app context, default to Werkzeug static value,
# which is also the default config
response = flask.Response()
default = flask.Flask.default_config['MAX_COOKIE_SIZE']
assert response.max_cookie_size == default
# inside app context, use app config
with app.app_context():
assert flask.Response().max_cookie_size == 100
@app.route('/')
def index():
r = flask.Response('', status=204)
r.set_cookie('foo', 'bar' * 100)
return r
client.get('/')
assert len(recwarn) == 1
w = recwarn.pop()
assert 'cookie is too large' in str(w.message)
app.config['MAX_COOKIE_SIZE'] = 0
client.get('/')
assert len(recwarn) == 0

Loading…
Cancel
Save