Support for Partitioned cookies attribute #112713
Comments
|
Hey there @AlexWaygood, just a ping on this issue per the contributors guide -- this issue and the PR have been up for about six weeks now. A review would be appreciated, thank you! |
|
I need this feature, for starlette. encode/starlette#2500. |
the test should fail, we need to wait for python/cpython#112713
|
AFAIU this is a proposed / experimental thing for now, and from MDN it’s not implemented in Firefox or Safari yet. |
|
@gpshead could you reply to my note here before going on with the PR? |
|
Sorry I missed your comment earlier. Holding off awaiting a standard is fine, I misread it and thought it'd been implemented already rather than seeing those were the prior attempts. This really just seems to be adding an attribute that adds an additional string to a cookie. If it winds up not meaning anything, it wouldn't be the end of the world - though we'd obviously need different docs than what the PR contains right now. What's the alternative within the existing |
|
I would like to note that https://developers.google.com/privacy-sandbox/3pcd#report-issues google is already rolling out this change for 1% of users. |
|
We had to patch in support for partitioned cookies ourselves in preparation for the switch to partitioned cookies in Edge / Chrome because that will likely be coming for every Chrome and Edge users no matter what. For us that makes the experience of users in embedded contexts much smoother since we know that we will be supporting embedding even after the phaseout of 3rd party cookies has been completed sometime this year on those two browsers. It would be nice not having to patch it because the accepted attributes for morsels are as restrictive as they currently are, especially since unknown properties are simply ignored by other browsers. Firefox and Safari don't care if the Partitioned property is set and continue working with the cookies as is. In conclusion waiting for this PR to be pulled until this has become a standard results in either a worse experience for users of chromium browsers or having to manually patch it in anyway. WebKit/standards-positions#50 |
|
OK, there seems to be consensus, so this can be added to 3.13 |
As of UniFi Protect 4.0.5, they have started sending the cookie flag "partitioned". Python currently does not know about this (planned to be fixed in 3.13 python/cpython#112713). This causes the cookie to be considered invalid, and thus the auth cookie is never saved. Since unifi protect rate limits authentication attempts this leads to 501 errors after a few requests are made. This commit adds `partitioned` to the list of cookie flags the standard library accepts as valid. Thus allowing the cookie to be correctly parsed and saved.
|
FTR: issues with |
|
ok but why remove the tag indicating the version that a feature will or does appear in? |
|
I think it's because the feature may or may not be included in that version when it's being merged. (Actually, I'm only following the devguide: https://devguide.python.org/triage/labels/#type-labels). We however use the 3.x labels for indicating the versions being affected by bugs (and those labels are then mirrored on the PR with "need backport 3.x") |
|
FYI, current behavior is to just silently drop cookie data when encountering any unsupported field such as python -i
Python 3.13.0 experimental free-threading build (main, Oct 16 2024, 03:26:14) [Clang 18.1.8 ] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from http.cookies import SimpleCookie
>>> c=SimpleCookie()
>>> c.load('TOKEN=foo; path=/; expires=Fri, 06 Dec 2024 18:10:39 GMT; samesite=none; secure; httponly; partitioned;')
>>> c
<SimpleCookie: >
>>> c.load('TOKEN=foo; path=/; expires=Fri, 06 Dec 2024 18:10:39 GMT; samesite=none; secure; httponly;')
>>> c
<SimpleCookie: TOKEN='foo'> |
|
@merwok @gpshead just wanted to bump #112714 (comment) -- I think the PR to resolve this remains ready for review. |
|
Thanks for your work and patience. the PR is approved and set to automerge! |
…H-112714) * Add support for 'partitioned' attribute in http.cookies Co-authored-by: Giles Copp <[email protected]> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Gregory P. Smith [Google LLC] <[email protected]>
Feature or enhancement
Proposal:
Chrome is phasing out support for Third Party Cookies in Q1 2024, and for several key use cases, the proposed solution is CHIPS (https://github.com/privacycg/CHIPS).
See Chrome's blogpost about these changes: https://developer.chrome.com/en/docs/privacy-sandbox/third-party-cookie-phase-out/#partitioned
Currently, cookies with the
Partitionedattribute cannot be set from within thehttp.cookieslibrary. I'm proposing that we add support for that attribute.Has this already been discussed elsewhere?
This is a minor feature, which does not need previous discussion elsewhere
Links to previous discussion of this feature:
No response
Linked PRs
The text was updated successfully, but these errors were encountered: