Compare commits
No commits in common. "e506dd5f31a137faa3c38534c7269075a17f0300" and "4c3ab1d971126825659253ad3542af5ffcefb98f" have entirely different histories.
e506dd5f31
...
4c3ab1d971
@ -1,97 +0,0 @@
|
||||
From 3fddbbeaa006ba299cf8e8356618a1d9043091eb Mon Sep 17 00:00:00 2001
|
||||
From: starlet-dx <15929766099@163.com>
|
||||
Date: Thu, 11 May 2023 15:46:45 +0800
|
||||
Subject: [PATCH 1/1] set `Vary: Cookie` header consistently for session
|
||||
|
||||
Origin:
|
||||
https://github.com/pallets/flask/commit/8646edca6f47e2cd57464081b3911218d4734f8d
|
||||
|
||||
---
|
||||
src/flask/sessions.py | 10 ++++++----
|
||||
tests/test_basic.py | 23 +++++++++++++++++++++++
|
||||
2 files changed, 29 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/flask/sessions.py b/src/flask/sessions.py
|
||||
index 4e19270..039e30c 100644
|
||||
--- a/src/flask/sessions.py
|
||||
+++ b/src/flask/sessions.py
|
||||
@@ -385,6 +385,10 @@ class SecureCookieSessionInterface(SessionInterface):
|
||||
samesite = self.get_cookie_samesite(app)
|
||||
httponly = self.get_cookie_httponly(app)
|
||||
|
||||
+ # Add a "Vary: Cookie" header if the session was accessed at all.
|
||||
+ if session.accessed:
|
||||
+ response.vary.add("Cookie")
|
||||
+
|
||||
# If the session is modified to be empty, remove the cookie.
|
||||
# If the session is empty, return without setting the cookie.
|
||||
if not session:
|
||||
@@ -397,13 +401,10 @@ class SecureCookieSessionInterface(SessionInterface):
|
||||
samesite=samesite,
|
||||
httponly=httponly,
|
||||
)
|
||||
+ response.vary.add("Cookie")
|
||||
|
||||
return
|
||||
|
||||
- # Add a "Vary: Cookie" header if the session was accessed at all.
|
||||
- if session.accessed:
|
||||
- response.vary.add("Cookie")
|
||||
-
|
||||
if not self.should_set_cookie(app, session):
|
||||
return
|
||||
|
||||
@@ -419,3 +420,4 @@ class SecureCookieSessionInterface(SessionInterface):
|
||||
secure=secure,
|
||||
samesite=samesite,
|
||||
)
|
||||
+ response.vary.add("Cookie")
|
||||
diff --git a/tests/test_basic.py b/tests/test_basic.py
|
||||
index 3dc3a0e..6cf1496 100644
|
||||
--- a/tests/test_basic.py
|
||||
+++ b/tests/test_basic.py
|
||||
@@ -555,6 +555,11 @@ def test_session_vary_cookie(app, client):
|
||||
def setdefault():
|
||||
return flask.session.setdefault("test", "default")
|
||||
|
||||
+ @app.route("/clear")
|
||||
+ def clear():
|
||||
+ flask.session.clear()
|
||||
+ return ""
|
||||
+
|
||||
@app.route("/vary-cookie-header-set")
|
||||
def vary_cookie_header_set():
|
||||
response = flask.Response()
|
||||
@@ -587,11 +592,29 @@ def test_session_vary_cookie(app, client):
|
||||
expect("/get")
|
||||
expect("/getitem")
|
||||
expect("/setdefault")
|
||||
+ expect("/clear")
|
||||
expect("/vary-cookie-header-set")
|
||||
expect("/vary-header-set", "Accept-Encoding, Accept-Language, Cookie")
|
||||
expect("/no-vary-header", None)
|
||||
|
||||
|
||||
+def test_session_refresh_vary(app, client):
|
||||
+ @app.get("/login")
|
||||
+ def login():
|
||||
+ flask.session["user_id"] = 1
|
||||
+ flask.session.permanent = True
|
||||
+ return ""
|
||||
+
|
||||
+ @app.get("/ignored")
|
||||
+ def ignored():
|
||||
+ return ""
|
||||
+
|
||||
+ rv = client.get("/login")
|
||||
+ assert rv.headers["Vary"] == "Cookie"
|
||||
+ rv = client.get("/ignored")
|
||||
+ assert rv.headers["Vary"] == "Cookie"
|
||||
+
|
||||
+
|
||||
def test_flashes(app, req_ctx):
|
||||
assert not flask.session.modified
|
||||
flask.flash("Zap")
|
||||
--
|
||||
2.30.0
|
||||
|
||||
@ -1,41 +0,0 @@
|
||||
From 5d31ce1031e8ca24dc908c319567a76110edd87e Mon Sep 17 00:00:00 2001
|
||||
From: Nick Kocharhook <nick@kocharhook.com>
|
||||
Date: Wed, 1 Jun 2022 12:16:21 -0700
|
||||
Subject: [PATCH] Fix incorrect references to query in testing doc
|
||||
|
||||
The [EnvironBuilder doc](https://werkzeug.palletsprojects.com/en/2.1.x/test/#werkzeug.test.EnvironBuilder) shows that the correct name for the keyword argument is `query_string`, not `query`. Using `query` results in an error.
|
||||
|
||||
I've fixed the two places this appears in the testing doc.
|
||||
---
|
||||
docs/testing.rst | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/docs/testing.rst b/docs/testing.rst
|
||||
index 6f9d6ee1..8545bd39 100644
|
||||
--- a/docs/testing.rst
|
||||
+++ b/docs/testing.rst
|
||||
@@ -92,7 +92,7 @@ The ``client`` has methods that match the common HTTP request methods,
|
||||
such as ``client.get()`` and ``client.post()``. They take many arguments
|
||||
for building the request; you can find the full documentation in
|
||||
:class:`~werkzeug.test.EnvironBuilder`. Typically you'll use ``path``,
|
||||
-``query``, ``headers``, and ``data`` or ``json``.
|
||||
+``query_string``, ``headers``, and ``data`` or ``json``.
|
||||
|
||||
To make a request, call the method the request should use with the path
|
||||
to the route to test. A :class:`~werkzeug.test.TestResponse` is returned
|
||||
@@ -108,9 +108,9 @@ provides ``response.text``, or use ``response.get_data(as_text=True)``.
|
||||
assert b"<h2>Hello, World!</h2>" in response.data
|
||||
|
||||
|
||||
-Pass a dict ``query={"key": "value", ...}`` to set arguments in the
|
||||
-query string (after the ``?`` in the URL). Pass a dict ``headers={}``
|
||||
-to set request headers.
|
||||
+Pass a dict ``query_string={"key": "value", ...}`` to set arguments in
|
||||
+the query string (after the ``?`` in the URL). Pass a dict
|
||||
+``headers={}`` to set request headers.
|
||||
|
||||
To send a request body in a POST or PUT request, pass a value to
|
||||
``data``. If raw bytes are passed, that exact body is used. Usually,
|
||||
--
|
||||
2.39.0.windows.2
|
||||
|
||||
@ -1,44 +0,0 @@
|
||||
From 8ddbad9ccdc176b9d57a4aff0076c1c58c455318 Mon Sep 17 00:00:00 2001
|
||||
From: DailyDreaming <lblauvel@ucsc.edu>
|
||||
Date: Mon, 2 May 2022 07:46:09 -0700
|
||||
Subject: [PATCH] Fix linting error.
|
||||
|
||||
Suppress mypy.
|
||||
|
||||
Suppress mypy error.
|
||||
|
||||
Suppress mypy error.
|
||||
---
|
||||
src/flask/cli.py | 9 ++++++++-
|
||||
1 file changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/flask/cli.py b/src/flask/cli.py
|
||||
index 36c4f1b6..efcc0f99 100644
|
||||
--- a/src/flask/cli.py
|
||||
+++ b/src/flask/cli.py
|
||||
@@ -9,6 +9,8 @@ from functools import update_wrapper
|
||||
from operator import attrgetter
|
||||
from threading import Lock
|
||||
from threading import Thread
|
||||
+from typing import Any
|
||||
+from typing import TYPE_CHECKING
|
||||
|
||||
import click
|
||||
from werkzeug.utils import import_string
|
||||
@@ -36,7 +38,12 @@ else:
|
||||
# We technically have importlib.metadata on 3.8+,
|
||||
# but the API changed in 3.10, so use the backport
|
||||
# for consistency.
|
||||
- import importlib_metadata as metadata # type: ignore
|
||||
+ if TYPE_CHECKING:
|
||||
+ metadata: Any
|
||||
+ else:
|
||||
+ # we do this to avoid a version dependent mypy error
|
||||
+ # because importlib_metadata is not installed in python3.10+
|
||||
+ import importlib_metadata as metadata
|
||||
|
||||
|
||||
class NoAppException(click.UsageError):
|
||||
--
|
||||
2.39.0.windows.2
|
||||
|
||||
BIN
Flask-1.1.2.tar.gz
Normal file
BIN
Flask-1.1.2.tar.gz
Normal file
Binary file not shown.
Binary file not shown.
@ -1,15 +1,11 @@
|
||||
Name: python-flask
|
||||
Version: 2.1.2
|
||||
Release: 4
|
||||
Version: 1.1.2
|
||||
Release: 2
|
||||
Epoch: 1
|
||||
Summary: A lightweight WSGI web application framework
|
||||
License: BSD-3-Clause
|
||||
License: BSD
|
||||
URL: https://palletsprojects.com/p/flask/
|
||||
Source0: https://files.pythonhosted.org/packages/source/F/Flask/Flask-%{version}.tar.gz
|
||||
Patch0: Fix-linting-error.patch
|
||||
Patch1: Fix-incorrect-references-to-query-in-testing-doc.patch
|
||||
Patch2: CVE-2023-30861.patch
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
BuildRequires: python3-devel python3-setuptools python3-pytest python3-jinja2 python3-werkzeug python3-itsdangerous python3-click
|
||||
@ -24,13 +20,13 @@ frameworks.
|
||||
%package -n python3-flask
|
||||
Summary: python-flask for python 3 version
|
||||
%{?python_provide:%python_provide python3-flask}
|
||||
Requires: python3-jinja2 python3-werkzeug python3-itsdangerous python3-click
|
||||
Requires: python3-jinja2 python3-werkzeug python3-itsdangerous python3-click python3-simplejson
|
||||
|
||||
%description -n python3-flask
|
||||
Python-flask for python 3 version
|
||||
|
||||
%prep
|
||||
%autosetup -n Flask-%{version} -p1
|
||||
%autosetup -n Flask-%{version}
|
||||
|
||||
%build
|
||||
%py3_build
|
||||
@ -55,21 +51,6 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} py.test-%{python3_version} -v || :
|
||||
%{python3_sitelib}/*
|
||||
|
||||
%changelog
|
||||
* Thu May 11 2023 yaoxin <yao_xin001@hoperun.com> - 1:2.1.2-4
|
||||
- Fix CVE-2023-30861
|
||||
|
||||
* Fri Jan 13 2023 zhangliangpengkun<zhangliangpengkun@xfusion.com> - 1:2.1.2-3
|
||||
- Fix incorrect references to query in testing doc
|
||||
|
||||
* Mon Jan 9 2023 zhangliangpengkun<zhangliangpengkun@xfusion.com> - 1:2.1.2-2
|
||||
- Fix linting error
|
||||
|
||||
* Fri Oct 25 2022 Ge Wang <wangge20@h-partners.com> - 1:2.1.2-1
|
||||
- Upgrade to version 2.1.2
|
||||
|
||||
* Wed Oct 27 2021 Haiwei Li<lihaiwei8@huawei.com> - 1.1.2-3
|
||||
- backport add require pythonx-simplejson. details see issue #I4CGIS
|
||||
|
||||
* Thu Sep 30 2021 Jiachen Fan<fanjiachen3@huawei.com> - 1.1.2-2
|
||||
- add missing install Requires python3-simplejson
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user