Loading docs/ref/request-response.txt +1 −5 Original line number Diff line number Diff line Loading @@ -651,11 +651,7 @@ Methods Returns ``True`` or ``False`` based on a case-insensitive check for a header with the given name. .. method:: HttpResponse.set_cookie(key, value='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=True) .. versionchanged:: 1.4 The default value for httponly was changed from ``False`` to ``True``. .. method:: HttpResponse.set_cookie(key, value='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=False) Sets a cookie. The parameters are the same as in the :class:`Cookie.Morsel` object in the Python standard library. Loading docs/topics/http/sessions.txt +3 −0 Original line number Diff line number Diff line Loading @@ -524,6 +524,9 @@ consistently by all browsers. However, when it is honored, it can be a useful way to mitigate the risk of client side script accessing the protected cookie data. .. versionchanged:: 1.4 The default value of the setting was changed from ``False`` to ``True``. .. _HTTPOnly: https://www.owasp.org/index.php/HTTPOnly SESSION_COOKIE_NAME Loading Loading
docs/ref/request-response.txt +1 −5 Original line number Diff line number Diff line Loading @@ -651,11 +651,7 @@ Methods Returns ``True`` or ``False`` based on a case-insensitive check for a header with the given name. .. method:: HttpResponse.set_cookie(key, value='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=True) .. versionchanged:: 1.4 The default value for httponly was changed from ``False`` to ``True``. .. method:: HttpResponse.set_cookie(key, value='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=False) Sets a cookie. The parameters are the same as in the :class:`Cookie.Morsel` object in the Python standard library. Loading
docs/topics/http/sessions.txt +3 −0 Original line number Diff line number Diff line Loading @@ -524,6 +524,9 @@ consistently by all browsers. However, when it is honored, it can be a useful way to mitigate the risk of client side script accessing the protected cookie data. .. versionchanged:: 1.4 The default value of the setting was changed from ``False`` to ``True``. .. _HTTPOnly: https://www.owasp.org/index.php/HTTPOnly SESSION_COOKIE_NAME Loading
