python · aiohttp · Heads-up
aiohttp: Cookies sent on cross-origin redirects when using cookies parameter
What changed
Cookies set with the `cookies` parameter on requests are sent after following a cross-origin redirect, potentially leaking sensitive data.
Who it affects
Developers using aiohttp who set cookies via the `cookies` parameter on a per-request basis.
What to do today
Upgrade aiohttp to a patched version or use a `Cookie` header in the `headers` parameter instead of the `cookies` parameter.
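The origin check that decides whether per-request cookies may accompany a redirect hop, as an added example that is not aiohttp's code or part of the original advisory. It assumes a caller that follows redirects itself (aiohttp's `allow_redirects=False`); the names `origin` and `plan_redirects`, the conservative "never re-attach" policy, and the sample URLs are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return the (scheme, host, port) triple that defines a URL's origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    # An omitted port means the scheme default, so :443 and no port compare equal.
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def plan_redirects(start_url, locations, cookies):
    """Resolve a chain of Location values and decide what cookies each hop gets.

    Returns a list of (url, cookies_to_send). Cookies supplied for the first
    request are sent only while every hop stays on the starting origin. Once
    the chain leaves that origin they are not re-attached, even if a later hop
    returns to it (assumed policy: the intermediate host chose that URL).
    """
    start = origin(start_url)
    hops = [(start_url, dict(cookies))]
    current = start_url
    trusted = True
    for location in locations:
        # Location may be relative; resolve it against the previous hop.
        current = urljoin(current, location)
        if origin(current) != start:
            trusted = False
        hops.append((current, dict(cookies) if trusted else {}))
    return hops


if __name__ == "__main__":
    # Constructed redirect chain: same-origin, cross-origin, then back again.
    chain = plan_redirects(
        "https://api.example.com/login",
        ["/step2", "https://cdn.example.net/x", "https://api.example.com/back"],
        {"session": "constructed-value"},
    )
    for url, sent in chain:
        print(url, "->", sorted(sent) or "no cookies")
```

A scheme downgrade on the same host (`https` to `http`) counts as a different origin here, so the cookies are withheld on that hop as well.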