author | James Tucker <jftucker@gmail.com> | 2013-07-04 15:15:48 -0700 |
---|---|---|
committer | James Tucker <jftucker@gmail.com> | 2013-07-04 15:15:48 -0700 |
commit | dda3bb5e78ef8cd1a2598924c4d30473cd01d1c9 (patch) | |
tree | a0e951d4b3d05ba3216bc50d02608ed7386915ac | |
parent | df7e1e25ded17423c635a8a1e2d53467f61ffe58 (diff) | |
parent | 65d3894224149ed3aee80293892bb368377913a1 (diff) | |
Merge pull request #583 from gshutler/cookie-http-only
Set HttpOnly for cookies using :http_only
-rw-r--r-- | lib/rack/utils.rb | 2 | ||||
-rw-r--r-- | test/spec_response.rb | 12 |
2 files changed, 13 insertions, 1 deletions
diff --git a/lib/rack/utils.rb b/lib/rack/utils.rb
index 0c7091e3..43bbef37 100644
--- a/lib/rack/utils.rb
+++ b/lib/rack/utils.rb
@@ -274,7 +274,7 @@ module Rack
 expires = "; expires=" + rfc2822(value[:expires].clone.gmtime) if value[:expires]
 secure = "; secure" if value[:secure]
- httponly = "; HttpOnly" if value[:httponly]
+ httponly = "; HttpOnly" if (value.key?(:httponly) ? value[:httponly] : value[:http_only])
 value = value[:value]
 end
 value = [value] unless Array === value
diff --git a/test/spec_response.rb b/test/spec_response.rb
index 0ba17b15..12b8b7b3 100644
--- a/test/spec_response.rb
+++ b/test/spec_response.rb
@@ -85,6 +85,18 @@ describe Rack::Response do
 response["Set-Cookie"].should.equal "foo=bar; HttpOnly"
 end
+ it "can set http only cookies with :http_only" do
+ response = Rack::Response.new
+ response.set_cookie "foo", {:value => "bar", :http_only => true}
+ response["Set-Cookie"].should.equal "foo=bar; HttpOnly"
+ end
+
+ it "can set prefers :httponly for http only cookie setting when :httponly and :http_only provided" do
+ response = Rack::Response.new
+ response.set_cookie "foo", {:value => "bar", :httponly => false, :http_only => true}
+ response["Set-Cookie"].should.equal "foo=bar"
+ end
+
+ it "can delete cookies" do
 response = Rack::Response.new
 response.set_cookie "foo", "bar" |
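Review bot: On the new `httponly =` line, `value.key?(:httponly)` treats a key that is present but nil as an explicit opt-out, so a hash such as `{:httponly => nil, :http_only => true}` produces a cookie without the HttpOnly attribute. That fails open on a flag whose purpose is to keep the cookie away from page scripts. Testing the value rather than the key keeps an explicit `false` winning while letting nil fall through: `httponly = "; HttpOnly" if (value[:httponly].nil? ? value[:http_only] : value[:httponly])`. A one-line comment such as `# :httponly wins over the :http_only alias when both are given` would also record the precedence where it is implemented. The enclosing method starts and ends outside this hunk.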
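Review bot: The added specs cover `:http_only => true` on its own and `:httponly => false` overriding it, but none pins the opposite conflict or a nil `:httponly`, which are the cases where HttpOnly could be dropped without the caller noticing. A spec calling `response.set_cookie "foo", {:value => "bar", :httponly => true, :http_only => false}` and expecting `"foo=bar; HttpOnly"` would lock in the precedence in both directions. The description `"can set prefers :httponly ..."` also reads like a leftover from copy and paste; `"prefers :httponly over :http_only when both are provided"` states the behaviour directly.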