Ruby on Rails | Screencasts | Download | Documentation | Weblog | Community | Source

Ticket #8895: http_cookies.patch

File http_cookies.patch, 4.8 kB (added by lifofifo, 1 year ago)

Refactored some relevant code to original patch

  • actionpack/test/controller/cookie_test.rb

    old new  
    3636      render_text "hello world" 
    3737    end 
    3838 
     39    def authenticate_with_http_only 
     40      cookies["user_name"] = { :value => "david", :http_only => true } 
     41    end 
     42 
    3943    def rescue_action(e)  
    4044      raise unless ActionController::MissingTemplate # No templates here, and we don't care about the output  
    4145    end 
     
    6973    assert_equal [ CGI::Cookie::new("name" => "user_name", "value" => "david", "expires" => Time.local(2005, 10, 10)) ], @response.headers["cookie"] 
    7074  end 
    7175 
     76  def test_setting_cookie_with_http_only 
     77    get :authenticate_with_http_only 
     78    assert_equal [ CGI::Cookie::new("name" => "user_name", "value" => "david", "http_only" => true) ], @response.headers["cookie"] 
     79    assert_equal CGI::Cookie::new("name" => "user_name", "value" => "david", "path" => "/", "http_only" => true).to_s, @response.headers["cookie"].to_s 
     80  end 
     81 
    7282  def test_multiple_cookies 
    7383    get :set_multiple_cookies 
    7484    assert_equal 2, @response.cookies.size 

  • actionpack/lib/action_controller/cgi_ext/cookie.rb

    old new  
    1919    # secure:: whether this cookie is a secure cookie or not (default to 
    2020    #          false).  Secure cookies are only transmitted to HTTPS 
    2121    #          servers. 
    22     # 
     22    # http_only:: weather this cookie can be accessed by client side scripts ( e.g. document.cookie ) or only over HTTP  
     23    #             More details : http://msdn2.microsoft.com/en-us/library/system.web.httpcookie.httponly.aspx 
     24    #             Defaults to false. 
    2325    # These keywords correspond to attributes of the cookie object. 
    2426    def initialize(name = '', *value) 
    2527      if name.kind_of?(String) 
     
    2830        @domain = nil 
    2931        @expires = nil 
    3032        @secure = false 
     33        @http_only = false 
    3134        @path = nil 
    3235      else 
    3336        @name = name['name'] 
     
    3538        @domain = name['domain'] 
    3639        @expires = name['expires'] 
    3740        @secure = name['secure'] || false 
     41        @http_only = name['http_only'] || false 
    3842        @path = name['path'] 
    3943      end 
    4044 
     
    5660    end 
    5761 
    5862    attr_accessor("name", "value", "path", "domain", "expires") 
    59     attr_reader("secure"
     63    attr_reader("secure", "http_only"
    6064 
    6165    # Set whether the Cookie is a secure cookie or not. 
    6266    # 
    6367    # +val+ must be a boolean. 
    6468    def secure=(val) 
    6569      @secure = val if val == true or val == false 
    66       @secure 
    6770    end 
    6871 
     72    # Set whether the Cookie is a HTTP only or not. 
     73    # 
     74    # +val+ must be a boolean. 
     75    def http_only=(val) 
     76      @http_only = val if val == true or val == false 
     77    end 
     78 
    6979    # Convert the Cookie to its string representation. 
    7080    def to_s 
    71       buf = "" 
     81      buf = '' 
    7282      buf << @name << '=' 
    73  
    74       if @value.kind_of?(String) 
    75         buf << CGI::escape(@value) 
    76       else 
    77         buf << @value.collect{|v| CGI::escape(v) }.join("&") 
    78       end 
    79  
    80       if @domain 
    81         buf << '; domain=' << @domain 
    82       end 
    83  
    84       if @path 
    85         buf << '; path=' << @path 
    86       end 
    87  
    88       if @expires 
    89         buf << '; expires=' << CGI::rfc1123_date(@expires) 
    90       end 
    91  
    92       if @secure == true 
    93         buf << '; secure' 
    94       end 
    95  
    96       buf 
     83      buf << (@value.kind_of?(String) ? CGI::escape(@value) : @value.collect{|v| CGI::escape(v) }.join("&")) 
     84      buf << '; domain=' << @domain if @domain 
     85      buf << '; path=' << @path if @path 
     86      buf << '; expires=' << CGI::rfc1123_date(@expires) if @expires 
     87      buf << '; secure' if @secure 
     88      buf << '; HttpOnly' if @http_only 
    9789    end 
    9890 
    9991    # Parse a raw cookie string into a hash of cookie-name=>Cookie 

  • actionpack/lib/action_controller/cookies.rb

    old new  
    2323  # * <tt>domain</tt> - the domain for which this cookie applies. 
    2424  # * <tt>expires</tt> - the time at which this cookie expires, as a +Time+ object. 
    2525  # * <tt>secure</tt> - whether this cookie is a secure cookie or not (default to false). 
    26   #   Secure cookies are only transmitted to HTTPS servers. 
     26  #                     Secure cookies are only transmitted to HTTPS servers. 
     27  # * <tt>http_only</tt> - whether this cookie is accessible via scripting or only HTTP (defaults to false). 
     28   
    2729  module Cookies 
    2830    protected 
    2931      # Returns the cookie container, which operates as described above.