setSameSite.py (1555B)
1 from cookies.resources.helpers import makeCookieHeader, setNoCacheAndCORSHeaders 2 3 from wptserve.utils import isomorphic_encode 4 5 def main(request, response): 6 """Respond to `/cookie/set/samesite?{value}` by setting four cookies: 7 1. `samesite_strict={value};SameSite=Strict;path=/` 8 2. `samesite_lax={value};SameSite=Lax;path=/` 9 3. `samesite_none={value};SameSite=None;path=/` 10 4. `samesite_unspecified={value};path=/` 11 Then navigate to a page that will post a message back to the opener with the set cookies""" 12 headers = setNoCacheAndCORSHeaders(request, response) 13 value = isomorphic_encode(request.url_parts.query) 14 15 headers.append((b"Content-Type", b"text/html; charset=utf-8")) 16 headers.append(makeCookieHeader(b"samesite_strict", value, {b"SameSite":b"Strict", b"path":b"/"})) 17 headers.append(makeCookieHeader(b"samesite_lax", value, {b"SameSite":b"Lax", b"path":b"/"})) 18 # SameSite=None cookies must be Secure. 19 headers.append(makeCookieHeader(b"samesite_none", value, {b"SameSite":b"None", b"path":b"/", b"Secure": b""})) 20 headers.append(makeCookieHeader(b"samesite_unspecified", value, {b"path":b"/"})) 21 22 document = b""" 23 <!DOCTYPE html> 24 <script> 25 // A same-site navigation, which should attach all cookies including SameSite ones. 26 // This is necessary because this page may have been reached via a cross-site navigation, so 27 // we might not have access to some SameSite cookies from here. 28 window.location = "../samesite/resources/echo-cookies.html"; 29 </script> 30 """ 31 32 return headers, document