Add security tip for setCookie (#19117)

* Add security tip for setCookie * Update lib/pure/cookies.nim Co-authored-by: Dominik Picheta <[email protected]> * Update lib/pure/cookies.nim Co-authored-by: konsumlamm <[email protected]> Co-authored-by: Andreas Rumpf <[email protected]> Co-authored-by: Dominik Picheta <[email protected]> Co-authored-by: konsumlamm <[email protected]>
nim-lang · Nov 11, 2021 · 036d894 · 036d894
1 parent 77b696c
commit 036d894
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/lib/pure/cookies.nim b/lib/pure/cookies.nim
@@ -50,6 +50,9 @@ proc setCookie*(key, value: string, domain = "", path = "",
                 maxAge = none(int), sameSite = SameSite.Default): string =
   ## Creates a command in the format of
   ## `Set-Cookie: key=value; Domain=...; ...`
+  ##
+
+  ## .. tip: Cookies can be vulnerable. Consider setting `secure=true`, `httpOnly=true` and `sameSite=Strict`.
   result = ""
   if not noName: result.add("Set-Cookie: ")
   result.add key & "=" & value