Don't ascribe cookies to the target domain.
Lukasa committed Mar 14, 2015
1 parent bc746e1 commit 3bd8afb
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion requests/sessions.py
Expand Up @@ -171,7 +171,7 @@ def resolve_redirects(self, resp, req, stream=False, timeout=None,
except KeyError:
pass

extract_cookies_to_jar(prepared_request._cookies, prepared_request, resp.raw)
extract_cookies_to_jar(prepared_request._cookies, req, resp.raw)
prepared_request._cookies.update(self.cookies)
prepared_request.prepare_cookies(prepared_request._cookies)
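
Review bot: the swap from `prepared_request` to `req` in the `extract_cookies_to_jar` call in `resolve_redirects` lands without a regression test; `requests/sessions.py` is the only file changed. The two names are easy to confuse, and the next two lines still operate on `prepared_request`, so a later refactor could silently revert this. Please add a test that follows a redirect to a different host and asserts that cookies set by the redirecting response are not ascribed to the target domain, and consider a one-line comment above the call noting that `resp` answers `req`, not `prepared_request`.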

4 comments on commit 3bd8afb

@sigmavirus24

@eriol @ralphbean now that the disclosure is public, feel free to backport this to older supported versions of requests to help affected users.

@eriol eriol commented on 3bd8afb Mar 16, 2015

Many thanks @sigmavirus24, I already fixed the package but I have to coordinate with the release team for the upload.

@ralphbean

Only saw this today. Fedora updates created for Fedora 22 and Fedora 21.

Fedora 20 and EPEL ship an older python-requests (1.2.3 and earlier) which the disclosure doesn't report as vulnerable.

@sigmavirus24

🍰 for both @eriol and @ralphbean
