Starlette provides a `set_cookie` method to allow you to set cookies on the response object.
-Signature: `Response.set_cookie(key, value, max_age=None, expires=None, path="/", domain=None, secure=False, httponly=False, samesite="lax")`
+Signature: `Response.set_cookie(key, value, max_age=None, expires=None, path="/", domain=None, secure=False, httponly=False, samesite="lax", partitioned=False)`
* `key` - A string that will be the cookie's key.
* `value` - A string that will be the cookie's value.
* `secure` - A bool indicating that the cookie will only be sent to the server if request is made using SSL and the HTTPS protocol. `Optional`
* `httponly` - A bool indicating that the cookie cannot be accessed via JavaScript through `Document.cookie` property, the `XMLHttpRequest` or `Request` APIs. `Optional`
* `samesite` - A string that specifies the samesite strategy for the cookie. Valid values are `'lax'`, `'strict'` and `'none'`. Defaults to `'lax'`. `Optional`
+* `partitioned` - A bool that indicates to user agents that these cross-site cookies should only be available in the same top-level context that the cookie was first set in. Only available for Python 3.14+, otherwise an error will be raised. `Optional`
#### Delete Cookie
import os
import re
import stat
+import sys
import typing
import warnings
from datetime import datetime
secure: bool = False,
httponly: bool = False,
samesite: typing.Literal["lax", "strict", "none"] | None = "lax",
+ partitioned: bool = False,
) -> None:
cookie: http.cookies.BaseCookie[str] = http.cookies.SimpleCookie()
cookie[key] = value
"none",
], "samesite must be either 'strict', 'lax' or 'none'"
cookie[key]["samesite"] = samesite
+ if partitioned:
+ if sys.version_info < (3, 14):
+ raise ValueError("Partitioned cookies are only supported in Python 3.14 and above.") # pragma: no cover
+ cookie[key]["partitioned"] = True # pragma: no cover
+
cookie_val = cookie.output(header="").strip()
self.raw_headers.append((b"set-cookie", cookie_val.encode("latin-1")))
from __future__ import annotations
import datetime as dt
+import sys
import time
from collections.abc import AsyncGenerator, AsyncIterator, Iterator
from http.cookies import SimpleCookie
secure=True,
httponly=True,
samesite="none",
+ partitioned=True if sys.version_info >= (3, 14) else False,
)
await response(scope, receive, send)
+ partitioned_text = "Partitioned; " if sys.version_info >= (3, 14) else ""
+
client = test_client_factory(app)
response = client.get("/")
assert response.text == "Hello, world!"
assert (
response.headers["set-cookie"] == "mycookie=myvalue; Domain=localhost; expires=Thu, 22 Jan 2037 12:00:10 GMT; "
- "HttpOnly; Max-Age=10; Path=/; SameSite=none; Secure"
+ f"HttpOnly; Max-Age=10; {partitioned_text}Path=/; SameSite=none; Secure"
)
+@pytest.mark.skipif(sys.version_info >= (3, 14), reason="Only relevant for <3.14")
+def test_set_cookie_raises_for_invalid_python_version(
+ test_client_factory: TestClientFactory,
+) -> None: # pragma: no cover
+ async def app(scope: Scope, receive: Receive, send: Send) -> None:
+ response = Response("Hello, world!", media_type="text/plain")
+ with pytest.raises(ValueError):
+ response.set_cookie("mycookie", "myvalue", partitioned=True)
+ await response(scope, receive, send)
+
+ client = test_client_factory(app)
+ response = client.get("/")
+ assert response.text == "Hello, world!"
+ assert response.headers.get("set-cookie") is None
+
+
def test_set_cookie_path_none(test_client_factory: TestClientFactory) -> None:
async def app(scope: Scope, receive: Receive, send: Send) -> None:
response = Response("Hello, world!", media_type="text/plain")
projects / thirdparty / starlette.git / commitdiff
