commit 52400de1c9e9437b5c9df899f273485f663bb5b5 (patch)
parent 8da4448 local.mk.sample: use rack-1.1.0
tree 38d9e34e2693a6e4694fd0189f5f3f01356cacde
author Eric Wong <normalperson@yhbt.net> 2010-01-05 17:36:17 -0800
committer Eric Wong <normalperson@yhbt.net> 2010-01-05 17:37:50 -0800
http_response: disallow blank, multi-value headers
The HeaderHash optimizations in Rack 1.1 interact badly with
Rails 2.3.5 (and possibly other frameworks/apps) which set
multi-value "Set-Cookie" headers without relying on the proper
methods provided by Rack::Utils.
While this is an issue with Rails not using properly, there
may be similar apps that make this mistake and Rack::Lint
does not guard against it.
Rack-ML-Ref: <20100105235845.GB3377@dcvr.yhbt.net>
---
lib/unicorn/http_response.rb | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/unicorn/http_response.rb b/lib/unicorn/http_response.rb
index 92d4d6d..96e484b 100644
--- a/lib/unicorn/http_response.rb
+++ b/lib/unicorn/http_response.rb
@@ -47,7 +47,8 @@ module Unicorn
headers.each do |key, value|
next if SKIP.include?(key.downcase)
if value =~ /\n/
- out.concat(value.split(/\n/).map! { |v| "#{key}: #{v}\r\n" })
+ # avoiding blank, key-only cookies with /\n+/
+ out.concat(value.split(/\n+/).map! { |v| "#{key}: #{v}\r\n" })
else
out << "#{key}: #{value}\r\n"
end
glossary
--------
Commit objects reference one tree, and zero or more parents.
Single parent commits can typically generate a patch in
unified diff format via `git format-patch'.
Multiple parents means the commit is a merge.
Root commits have no ancestor. Note that it is
possible to have multiple root commits when merging independent histories.
Every commit references one top-level tree object.
Code repositories for project(s) associated with this public inbox
https://yhbt.net/unicorn.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).