author | Federico Ceratto <federico@debian.org> | 2021-11-11 07:41:21 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-11 08:41:21 +0100 |
commit | 036d894e6a13cf9792c3250e34252a225c73e468 (patch) | |
tree | 20a58ea31a6223ec33631f14aec4475eb12c6026 | |
parent | 77b696c2c92b5f478526290c5e184a4c41060f7b (diff) | |
download | Nim-036d894e6a13cf9792c3250e34252a225c73e468.tar.gz |
Add security tip for setCookie (#19117)
* Add security tip for setCookie * Update lib/pure/cookies.nim Co-authored-by: Dominik Picheta <dominikpicheta@googlemail.com> * Update lib/pure/cookies.nim Co-authored-by: konsumlamm <44230978+konsumlamm@users.noreply.github.com> Co-authored-by: Andreas Rumpf <rumpf_a@web.de> Co-authored-by: Dominik Picheta <dominikpicheta@googlemail.com> Co-authored-by: konsumlamm <44230978+konsumlamm@users.noreply.github.com>
-rw-r--r-- | lib/pure/cookies.nim | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/pure/cookies.nim b/lib/pure/cookies.nim
index 25d701eb4..132f64637 100644
--- a/lib/pure/cookies.nim
+++ b/lib/pure/cookies.nim
@@ -50,6 +50,9 @@ proc setCookie*(key, value: string, domain = "", path = "",
 maxAge = none(int), sameSite = SameSite.Default): string =
 ## Creates a command in the format of
 ## `Set-Cookie: key=value; Domain=...; ...`
+ ##
+
+ ## .. tip: Cookies can be vulnerable. Consider setting `secure=true`, `httpOnly=true` and `sameSite=Strict`.
 result = ""
 if not noName: result.add("Set-Cookie: ")
 result.add key & "=" & value |
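Review bot: The added directive is written `.. tip:` with a single colon, but reStructuredText directives need a double colon, so the doc generator will most likely treat the line as an RST comment and drop the security tip from the rendered documentation; it should read `.. tip::`. The suggested value would also be easier to copy if it matched the enum spelling used in the signature, i.e. `sameSite=SameSite.Strict`. Because the context line `result.add key & "=" & value` appends both strings verbatim, the tip could additionally say that callers must validate or encode `key` and `value` (no CR/LF, `;` or `,`) before passing request-derived data. Only part of setCookie's signature and body is inside this hunk, so the defaults for `secure` and `httpOnly` are not visible here.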