From adabb3e4df07145684544cc2ab894aede45e08ff Mon Sep 17 00:00:00 2001
From: manatlan
Date: Sun, 13 Oct 2024 10:22:55 +0200
Subject: [PATCH] runner(...ssl...) : ssl deprecated
---
 README.md | 10 ++--------
 htagweb/runners.py | 17 ++++++++++-------
 2 files changed, 12 insertions(+), 15 deletions(-)
diff --git a/README.md b/README.md
index bfcc7e1..5bcfef6 100644
--- a/README.md
+++ b/README.md
@@ -58,12 +58,6 @@ The port to bind to. (default is 8000)
 - When False: (default) no debugging facilities
 - When True: use starlette debugger.
-#### ssl (bool)
-
-Indicate that "Secure flag" should be set for middleware WebServerSession cookie only !!!!
-(default is False)
-
-non-sense in http_only mode.
 #### parano (bool)
@@ -102,7 +96,7 @@ from starlette.responses import PlainTextResponse
 async def serve(req): return PlainTextResponse("body {}")
-app=Runner( App, debug=False, ssl=True )
+app=Runner( App, debug=False )
 app.add_route("/my.css", serve)
 ```
@@ -112,7 +106,7 @@ Example to add another htag app on another endpoint :
 async def serve(req): return await req.app.handle(req, App2 )
-app=Runner( App, debug=False, ssl=True )
+app=Runner( App, debug=False )
 app.add_route("/my_other_app", serve)
 ```
diff --git a/htagweb/runners.py b/htagweb/runners.py
index 2c6111f..972c6ee 100644
--- a/htagweb/runners.py
+++ b/htagweb/runners.py
@@ -51,14 +51,11 @@ parano_seed = lambda uid: hashlib.md5(uid.encode()).hexdigest()
 class WebServerSession: # ASGI Middleware, for starlette
- def __init__(self, app:ASGIApp, https_only:bool = False ) -> None:
+ def __init__(self, app:ASGIApp ) -> None:
 self.app = app
 self.session_cookie = "session"
 self.max_age = 0
 self.path = "/"
- self.security_flags = "httponly; samesite=none"
- if https_only: # Secure flag can be used with HTTPS only
- self.security_flags += "; secure"
 async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
 if scope["type"] not in ("http", "websocket"): # pragma: no cover
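Review bot: `WebServerSession.__init__` drops the `https_only` keyword outright, so any code that builds the middleware itself with `Middleware(WebServerSession, https_only=True)` will now fail with `TypeError` at startup, while `Runner` keeps its `ssl` argument as a deprecated no-op. If the class is meant to be usable outside `Runner`, I would keep the parameter for one release, `def __init__(self, app:ASGIApp, https_only=None ) -> None:`, and warn when it is passed. The `__call__` body at the end of this hunk continues outside it.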
@@ -72,6 +69,10 @@ async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
 else:
 uid = str(uuid.uuid4())
+ security_flags = "httponly; samesite=none"
+ if connection.url.scheme == "https": # Secure flag can be used with HTTPS only
+ security_flags += "; secure"
+ #!!!!!!!!!!!!!!!!!!!!!!!!!!!
 scope["uid"] = uid
 scope["session"] = Session(uid) # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
@@ -88,7 +89,7 @@ async def send_wrapper(message: Message) -> None:
 data=uid,
 path=self.path,
 max_age=f"Max-Age={self.max_age}; " if self.max_age else "",
- security_flags=self.security_flags,
+ security_flags=security_flags,
 )
 headers.append("Set-Cookie", header_value)
 await send(message)
@@ -199,7 +200,7 @@ def __init__(self,
 host="0.0.0.0",
 port=8000,
 debug:bool=False,
- ssl:bool=False, # now, Indicate that Secure flag should be set for middleware WebServerSession (cookies)
+ ssl=None, # DEPRECATED
 parano:bool=False,
 http_only:bool=False,
 timeout_interaction:int=60,
@@ -212,6 +213,8 @@ def __init__(self,
 self.timeout_interaction = timeout_interaction
 self.timeout_inactivity = timeout_inactivity
 self.fullerror = debug
+ if ssl is not None:
+ print("***WARNING**","Runner( ... ssl ...) is deprecated, and has no effect")
 ###################################################################
@@ -225,7 +228,7 @@ def __init__(self,
 Starlette.__init__( self,
 debug=debug,
 routes=routes,
- middleware=[Middleware(WebServerSession,https_only=ssl)],
+ middleware=[Middleware(WebServerSession)],
 lifespan=lifespan,
 )
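Review bot: Deriving the Secure flag from `connection.url.scheme == "https"` in `WebServerSession.__call__` (hunk `-72,6 +69,10`) drops the flag whenever TLS is terminated in front of the app, because the ASGI scope then reports `http` unless the server is configured to trust the forwarded-proto header. With `Runner(ssl=...)` now a no-op there is no way left to force it, so a deployment that relied on `ssl=True` behind a reverse proxy would start issuing the session cookie without Secure. The plain-HTTP branch also still emits `samesite=none` without `secure`, which Chromium-based browsers reject, so that cookie may not be stored at all. I would keep an explicit override (for example, treat a truthy `ssl` as "always Secure") and put a comment such as `# scheme comes from the ASGI scope; behind a TLS-terminating proxy it is "http" unless forwarded headers are trusted` next to the check. `__call__` starts and ends outside this hunk.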
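Review bot: The deprecation notice added to `Runner.__init__` (hunk `-212,6 +213,8`) is emitted with `print`, which goes to stdout, cannot be filtered or escalated to an error in tests, and does not point at the calling line. The conventional form is `warnings.warn("Runner(ssl=...) is deprecated and has no effect", DeprecationWarning, stacklevel=2)`; it needs `import warnings`, and the import block is not visible in this patch. Because callers who passed `ssl=True` are losing a cookie-hardening setting, the message would be more useful if it also said that the Secure flag is now derived from the request scheme. `__init__` starts and ends outside the hunk.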