Add security tip for setCookie (#19117)

* Add security tip for setCookie * Update lib/pure/cookies.nim Co-authored-by: Dominik Picheta <dominikpicheta@googlemail.com> * Update lib/pure/cookies.nim Co-authored-by: konsumlamm <44230978+konsumlamm@users.noreply.github.com> Co-authored-by: Andreas Rumpf <rumpf_a@web.de> Co-authored-by: Dominik Picheta <dominikpicheta@googlemail.com> Co-authored-by: konsumlamm <44230978+konsumlamm@users.noreply.github.com>
2026-04-18 05:20:31 +00:00 · 2021-11-11 07:41:21 +00:00
parent 77b696c2c9
commit 036d894e6a
1 changed files with 3 additions and 0 deletions
--- a/lib/pure/cookies.nim
+++ b/lib/pure/cookies.nim
@@ -50,6 +50,9 @@ proc setCookie*(key, value: string, domain = "", path = "",
                maxAge = none(int), sameSite = SameSite.Default): string =
  ## Creates a command in the format of
  ## `Set-Cookie: key=value; Domain=...; ...`
+  ##
+
+  ## .. tip: Cookies can be vulnerable. Consider setting `secure=true`, `httpOnly=true` and `sameSite=Strict`.
  result = ""
  if not noName: result.add("Set-Cookie: ")
  result.add key & "=" & value