Movatterモバイル変換

18.22.4 DefaultCookiePolicy Objects

Implements the standard rules for accepting and returning cookies.

Both RFC 2965 and Netscape cookies are covered. RFC 2965 handling isswitched off by default.

The easiest way to provide your own policy is to override this classand call its methods in your overridden implementations before addingyour own additional checks:

import cookielibclass MyCookiePolicy(cookielib.DefaultCookiePolicy):    def set_ok(self, cookie, request):        if not cookielib.DefaultCookiePolicy.set_ok(self, cookie, request):            return False        if i_dont_want_to_store_this_cookie(cookie):            return False        return True

In addition to the features required to implement theCookiePolicy interface, this class allows you to block andallow domains from setting and receiving cookies. There are also somestrictness switches that allow you to tighten up the rather looseNetscape protocol rules a little bit (at the cost of blocking somebenign cookies).

A domain blacklist and whitelist is provided (both off by default).Only domains not in the blacklist and present in the whitelist (if thewhitelist is active) participate in cookie setting and returning. Usetheblocked_domains constructor argument, andblocked_domains() andset_blocked_domains() methods(and the corresponding argument and methods forallowed_domains). If you set a whitelist, you can turn it offagain by setting it toNone.

Domains in block or allow lists that do not start with a dot mustequal the cookie domain to be matched. For example,"example.com" matches a blacklist entry of"example.com", but"www.example.com" does not. Domainsthat do start with a dot are matched by more specific domains too.For example, both"www.example.com" and"www.coyote.example.com" match".example.com" (but"example.com" itself does not). IP addresses are an exception,and must match exactly. For example, if blocked_domains contains"192.168.1.2" and".168.1.2", 192.168.1.2 is blocked,but 193.168.1.2 is not.

DefaultCookiePolicy implements the following additionalmethods:

blocked_domains( ): Return the sequence of blocked domains (as a tuple).

set_blocked_domains( blocked_domains): Set the sequence of blocked domains.

is_blocked( domain): Return whetherdomain is on the blacklist for setting orreceiving cookies.

allowed_domains( ): ReturnNone, or the sequence of allowed domains (as a tuple).

set_allowed_domains( allowed_domains): Set the sequence of allowed domains, orNone.

is_not_allowed( domain): Return whetherdomain is not on the whitelist for setting orreceiving cookies.

DefaultCookiePolicy instances have the following attributes,which are all initialised from the constructor arguments of the samename, and which may all be assigned to.

rfc2109_as_netscape: If true, request that theCookieJar instance downgrade RFC2109 cookies (ie. cookies received in aSet-Cookie: headerwith a version cookie-attribute of 1) to Netscape cookies by settingthe version attribute of theCookie instance to 0. Thedefault value isNone, in which case RFC 2109 cookies aredowngraded if and only if RFC 2965 handling is turned off. Therefore,RFC 2109 cookies are downgraded by default.New in version 2.5.

General strictness switches:

strict_domain: Don't allow sites to set two-component domains with country-codetop-level domains like.co.uk,.gov.uk,.co.nz.etc. This is far from perfect and isn't guaranteed towork!

RFC 2965 protocol strictness switches:

strict_rfc2965_unverifiable: Follow RFC 2965 rules on unverifiable transactions (usually, anunverifiable transaction is one resulting from a redirect or a requestfor an image hosted on another site). If this is false, cookies arenever blocked on the basis of verifiability

Netscape protocol strictness switches:

strict_ns_unverifiable: apply RFC 2965 rules on unverifiable transactions even to Netscapecookies

strict_ns_domain: Flags indicating how strict to be with domain-matching rules forNetscape cookies. See below for acceptable values.

strict_ns_set_initial_dollar: Ignore cookies in Set-Cookie: headers that have names starting with'$'.

strict_ns_set_path: Don't allow setting cookies whose path doesn't path-match request URI.

strict_ns_domain is a collection of flags. Its value isconstructed by or-ing together (for example,DomainStrictNoDots|DomainStrictNonDomain means both flags areset).

DomainStrictNoDots: When setting cookies, the 'host prefix' must not contain a dot(eg.www.foo.bar.com can't set a cookie for.bar.com,becausewww.foo contains a dot).

DomainStrictNonDomain: Cookies that did not explicitly specify adomaincookie-attribute can only be returned to a domain equal to the domainthat set the cookie (eg.spam.example.com won't be returnedcookies fromexample.com that had nodomaincookie-attribute).

DomainRFC2965Match: When setting cookies, require a full RFC 2965 domain-match.

The following attributes are provided for convenience, and are themost useful combinations of the above flags:

DomainLiberal: Equivalent to 0 (ie. all of the above Netscape domain strictness flagsswitched off).

DomainStrict: Equivalent toDomainStrictNoDots|DomainStrictNonDomain.

Release 2.5.2, documentation updated on 21st February, 2008.

SeeAbout this document... for information on suggesting changes.

[8]ページ先頭