aio-libs
Missing SameSite when deleting cookie
It seems when we delete a cookie, Firefox produces this warning:
Cookie “AIOHTTP_SESSION” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
Maybe we should add this parameter to the del_cookie method? Or, maybe it should be considered a bug in Firefox and they shouldn't produce this warning?
I've encountered this bug, maybe we'll change the del_cookie signature a bit. FROM
def del_cookie(
self, name: str, *, domain: Optional[str] = None, path: str = "/"
) -> None:
TO
def del_cookie(
self, name: str, *, domain: Optional[str] = None, path: str = "/", **kwargs,
) -> None:
...
self.set_cookie(
name,
"",
max_age=0,
expires="Thu, 01 Jan 1970 00:00:00 GMT",
domain=domain,
path=path,
**kwargs,
)
So that you can pass the attributes somesite, secure, httponly when deleting cookies. in my case, I just use set_cookie with max_age=0, and rotten expires to delete cookies while passing additional attributes samesite, httponly, secure
