Skip to content

Use Safe Parameters in flask Response set_cookie Call#79

Merged
udhayprakash merged 1 commit into
developfrom
pixeebot/drip-2025-08-10-pixee-python/secure-flask-cookie
Jun 27, 2026
Merged

Use Safe Parameters in flask Response set_cookie Call#79
udhayprakash merged 1 commit into
developfrom
pixeebot/drip-2025-08-10-pixee-python/secure-flask-cookie

Conversation

@pixeebot

@pixeebot pixeebot Bot commented Aug 10, 2025

Copy link
Copy Markdown
Contributor

This codemod sets the most secure parameters when Flask applications call set_cookie on a response object. Without these parameters, your Flask
application cookies may be vulnerable to being intercepted and used to gain access to sensitive data.

The changes from this codemod look like this:

  from flask import Flask, session, make_response
  app = Flask(__name__)
  @app.route('/')
    def index():
      resp = make_response('Custom Cookie Set')
    - resp.set_cookie('custom_cookie', 'value')
    + resp.set_cookie('custom_cookie', 'value', secure=True, httponly=True, samesite='Lax')
      return resp
More reading

I have additional improvements ready for this repo! If you want to see them, leave the comment:

@pixeebot next

... and I will open a new PR right away!

🧚🤖 Powered by Pixeebot

Feedback | Community | Docs | Codemod ID: pixee:python/secure-flask-cookie

@udhayprakash udhayprakash merged commit 8a40197 into develop Jun 27, 2026
4 of 5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant