diff --git a/starlette/middleware/sessions.py b/starlette/middleware/sessions.py index 597de38a2..b1e32ec16 100644 --- a/starlette/middleware/sessions.py +++ b/starlette/middleware/sessions.py @@ -1,4 +1,5 @@ import json +import sys import typing from base64 import b64decode, b64encode @@ -9,6 +10,11 @@ from starlette.requests import HTTPConnection from starlette.types import ASGIApp, Message, Receive, Scope, Send +if sys.version_info >= (3, 8): # pragma: no cover + from typing import Literal +else: # pragma: no cover + from typing_extensions import Literal + class SessionMiddleware: def __init__( @@ -18,7 +24,7 @@ def __init__( session_cookie: str = "session", max_age: typing.Optional[int] = 14 * 24 * 60 * 60, # 14 days, in seconds path: str = "/", - same_site: str = "lax", + same_site: Literal["lax", "strict", "none"] = "lax", https_only: bool = False, ) -> None: self.app = app diff --git a/starlette/responses.py b/starlette/responses.py index bc73cb156..98c8caf1b 100644 --- a/starlette/responses.py +++ b/starlette/responses.py @@ -17,6 +17,11 @@ from starlette.datastructures import URL, MutableHeaders from starlette.types import Receive, Scope, Send +if sys.version_info >= (3, 8): # pragma: no cover + from typing import Literal +else: # pragma: no cover + from typing_extensions import Literal + # Workaround for adding samesite support to pre 3.8 python http.cookies.Morsel._reserved["samesite"] = "SameSite" # type: ignore @@ -105,7 +110,7 @@ def set_cookie( domain: typing.Optional[str] = None, secure: bool = False, httponly: bool = False, - samesite: str = "lax", + samesite: typing.Optional[Literal["lax", "strict", "none"]] = "lax", ) -> None: cookie: http.cookies.BaseCookie = http.cookies.SimpleCookie() cookie[key] = value @@ -138,7 +143,7 @@ def delete_cookie( domain: typing.Optional[str] = None, secure: bool = False, httponly: bool = False, - samesite: str = "lax", + samesite: typing.Optional[Literal["lax", "strict", "none"]] = "lax", ) -> None: self.set_cookie( key,