Ruby on Rails | Screencasts | Download | Documentation | Weblog | Community | Source

Ticket #8895: http_cookies.3.patch

File http_cookies.3.patch, 5.3 kB (added by Spakman, 1 year ago)

Some tidying

  • actionpack/test/controller/cookie_test.rb

    old new  
    3636      render_text "hello world" 
    3737    end 
    3838 
     39    def authenticate_with_http_only 
     40      cookies["user_name"] = { :value => "david", :http_only => true } 
     41    end 
     42 
    3943    def rescue_action(e)  
    4044      raise unless ActionController::MissingTemplate # No templates here, and we don't care about the output  
    4145    end 
     
    6973    assert_equal [ CGI::Cookie::new("name" => "user_name", "value" => "david", "expires" => Time.local(2005, 10, 10)) ], @response.headers["cookie"] 
    7074  end 
    7175 
     76  def test_setting_cookie_with_http_only 
     77    get :authenticate_with_http_only 
     78    assert_equal [ CGI::Cookie::new("name" => "user_name", "value" => "david", "http_only" => true) ], @response.headers["cookie"] 
     79    assert_equal CGI::Cookie::new("name" => "user_name", "value" => "david", "path" => "/", "http_only" => true).to_s, @response.headers["cookie"].to_s 
     80  end 
     81 
    7282  def test_multiple_cookies 
    7383    get :set_multiple_cookies 
    7484    assert_equal 2, @response.cookies.size 

  • actionpack/lib/action_controller/cgi_ext/cookie.rb

    old new  
    33# TODO: document how this differs from stdlib CGI::Cookie 
    44class CGI #:nodoc: 
    55  class Cookie < DelegateClass(Array) 
     6    attr_accessor :name, :value, :path, :domain, :expires 
     7    attr_reader :secure, :http_only 
     8 
    69    # Create a new CGI::Cookie object. 
    710    # 
    811    # The contents of the cookie can be specified as a +name+ and one 
     
    1922    # secure:: whether this cookie is a secure cookie or not (default to 
    2023    #          false).  Secure cookies are only transmitted to HTTPS 
    2124    #          servers. 
    22     # 
     25    # http_only:: whether this cookie can be accessed by client side scripts (e.g. document.cookie) or only over HTTP  
     26    #             More details: http://msdn2.microsoft.com/en-us/library/system.web.httpcookie.httponly.aspx 
     27    #             Defaults to false. 
    2328    # These keywords correspond to attributes of the cookie object. 
    2429    def initialize(name = '', *value) 
    2530      if name.kind_of?(String) 
     
    2833        @domain = nil 
    2934        @expires = nil 
    3035        @secure = false 
     36        @http_only = false 
    3137        @path = nil 
    3238      else 
    3339        @name = name['name'] 
     
    3541        @domain = name['domain'] 
    3642        @expires = name['expires'] 
    3743        @secure = name['secure'] || false 
     44        @http_only = name['http_only'] || false 
    3845        @path = name['path'] 
    3946      end 
    4047 
    41       unless @name 
    42         raise ArgumentError, "`name' required" 
    43       end 
     48      raise ArgumentError, "`name' required" unless @name 
    4449 
    4550      # simple support for IE 
    4651      unless @path 
     
    5560      @_dc_obj = obj 
    5661    end 
    5762 
    58     attr_accessor("name", "value", "path", "domain", "expires") 
    59     attr_reader("secure") 
    60  
    6163    # Set whether the Cookie is a secure cookie or not. 
    62     # 
    63     # +val+ must be a boolean. 
    6464    def secure=(val) 
    65       @secure = val if val == true or val == false 
    66       @secure 
     65      @secure = val == true 
    6766    end 
    6867 
     68    # Set whether the Cookie is an HTTP only cookie or not. 
     69    def http_only=(val) 
     70      @http_only = val == true 
     71    end 
     72 
    6973    # Convert the Cookie to its string representation. 
    7074    def to_s 
    71       buf = "" 
     75      buf = '' 
    7276      buf << @name << '=' 
    73  
    74       if @value.kind_of?(String) 
    75         buf << CGI::escape(@value) 
    76       else 
    77         buf << @value.collect{|v| CGI::escape(v) }.join("&") 
    78       end 
    79  
    80       if @domain 
    81         buf << '; domain=' << @domain 
    82       end 
    83  
    84       if @path 
    85         buf << '; path=' << @path 
    86       end 
    87  
    88       if @expires 
    89         buf << '; expires=' << CGI::rfc1123_date(@expires) 
    90       end 
    91  
    92       if @secure == true 
    93         buf << '; secure' 
    94       end 
    95  
    96       buf 
     77      buf << (@value.kind_of?(String) ? CGI::escape(@value) : @value.collect{|v| CGI::escape(v) }.join("&")) 
     78      buf << '; domain=' << @domain if @domain 
     79      buf << '; path=' << @path if @path 
     80      buf << '; expires=' << CGI::rfc1123_date(@expires) if @expires 
     81      buf << '; secure' if @secure 
     82      buf << '; HttpOnly' if @http_only 
    9783    end 
    9884 
    9985    # Parse a raw cookie string into a hash of cookie-name=>Cookie 

  • actionpack/lib/action_controller/cookies.rb

    old new  
    2323  # * <tt>domain</tt> - the domain for which this cookie applies. 
    2424  # * <tt>expires</tt> - the time at which this cookie expires, as a +Time+ object. 
    2525  # * <tt>secure</tt> - whether this cookie is a secure cookie or not (default to false). 
    26   #   Secure cookies are only transmitted to HTTPS servers. 
     26  #                     Secure cookies are only transmitted to HTTPS servers. 
     27  # * <tt>http_only</tt> - whether this cookie is accessible via scripting or only HTTP (defaults to false). 
     28   
    2729  module Cookies 
    2830    protected 
    2931      # Returns the cookie container, which operates as described above.