author | Aaron Patterson <aaron.patterson@gmail.com> | 2016-03-17 13:34:06 -0700 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2016-03-17 13:34:06 -0700 |
commit | 4116309080b766daeb8c7c3fe52b14deea768b4f (patch) | |
tree | 521a823d52ba4660e74644e444d838c44bc3824f | |
parent | 2fd9df71aff4af8a3ab8088a6919f5d9a5e4ab95 (diff) | |
parent | 4d636d041a2466c860a9247edaa6aae736eca444 (diff) | |
download | rack-4116309080b766daeb8c7c3fe52b14deea768b4f.tar.gz |
Merge pull request #1037 from mastahyeti/backport_same_site_cookies
Backport SameSite cookie attribute
-rw-r--r-- | HISTORY.md | 4 | ||||
-rw-r--r-- | lib/rack/utils.rb | 10 | ||||
-rw-r--r-- | test/spec_response.rb | 26 |
3 files changed, 39 insertions, 1 deletions
@@ -1,3 +1,7 @@ +Tue Mar 15 15:18:44 2016 Ben Toews <mastahyeti@users.noreply.github.com> + + * Backport support for the `SameSite` cookie attribute. + Wed Jun 24 12:13:37 2015 Aaron Patterson <tenderlove@ruby-lang.org> * Fix Ruby 1.8 backwards compatibility diff --git a/lib/rack/utils.rb b/lib/rack/utils.rb index 3b6f69f3..328f6554 100644 --- a/lib/rack/utils.rb +++ b/lib/rack/utils.rb @@ -311,12 +311,20 @@ module Rack rfc2822(value[:expires].clone.gmtime) if value[:expires] secure = "; secure" if value[:secure] httponly = "; HttpOnly" if (value.key?(:httponly) ? value[:httponly] : value[:http_only]) + same_site = if value[:same_site] + case value[:same_site] + when Symbol, String + "; SameSite=#{value[:same_site]}" + else + "; SameSite" + end + end value = value[:value] end value = [value] unless Array === value cookie = escape(key) + "=" + value.map { |v| escape v }.join("&") + - "#{domain}#{path}#{max_age}#{expires}#{secure}#{httponly}" + "#{domain}#{path}#{max_age}#{expires}#{secure}#{httponly}#{same_site}" case header["Set-Cookie"] when nil, '' diff --git a/test/spec_response.rb b/test/spec_response.rb index 6b13c0c9..bca892d6 100644 --- a/test/spec_response.rb +++ b/test/spec_response.rb 
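Review bot: The `when Symbol, String` branch in lib/rack/utils.rb interpolates `value[:same_site]` into the Set-Cookie header exactly as given, so a value containing `;`, whitespace or a line break ends up in the header as written, and a misspelt mode is passed through for the browser to interpret. Only a few token values are meaningful here, so the branch could reject anything else before interpolating, e.g. `raise ArgumentError, "invalid SameSite value: #{value[:same_site].inspect}" unless value[:same_site].to_s =~ /\A[A-Za-z]+\z/`. The `else` branch emits a bare `; SameSite`, which leaves the enforcement mode to the user agent; an explicit `"; SameSite=Strict"` would be unambiguous, though it changes what the new "any truthy value" spec expects. The enclosing method starts and ends outside the hunk, so whether callers already constrain this option is not visible here.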
@@ -97,6 +97,32 @@ describe Rack::Response do response["Set-Cookie"].should.equal "foo=bar" end + it "can set SameSite cookies with any truthy value" do + response = Rack::Response.new + response.set_cookie "foo", {:value => "bar", :same_site => Object.new} + response["Set-Cookie"].should.equal "foo=bar; SameSite" + end + + it "can set SameSite cookies with string value" do + response = Rack::Response.new + response.set_cookie "foo", {:value => "bar", :same_site => "Lax"} + response["Set-Cookie"].should.equal "foo=bar; SameSite=Lax" + end + + it "can set SameSite cookies with symbol value" do + response = Rack::Response.new + response.set_cookie "foo", {:value => "bar", :same_site => :Strict} + response["Set-Cookie"].should.equal "foo=bar; SameSite=Strict" + end + + [ nil, false ].each do |non_truthy| + it "omits SameSite attribute given a #{non_truthy.inspect} value" do + response = Rack::Response.new + response.set_cookie "foo", {:value => "bar", :same_site => non_truthy} + response["Set-Cookie"].should.equal "foo=bar" + end + end + it "can delete cookies" do response = Rack::Response.new response.set_cookie "foo", "bar" |
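Review bot: None of the new specs pins what `set_cookie` does with a malformed `:same_site`; they cover only well-formed values (`"Lax"`, `:Strict`, an arbitrary object, `nil`/`false`). A string containing `;` or a newline is the case where the verbatim interpolation in lib/rack/utils.rb matters, so whichever behaviour is intended (reject or pass through) should have a spec that states it. It would also help to add one case combining `:same_site` with `:secure` and `:httponly`, since every new assertion checks SameSite alone and the position of the attribute in the full header is otherwise untested.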