summary refs log tree commit homepage
diff options
authorEric Wong <>2010-01-05 17:36:17 -0800
committerEric Wong <>2010-01-05 17:37:50 -0800
commit52400de1c9e9437b5c9df899f273485f663bb5b5 (patch)
parent8da4448c7117759b0fb8ea8e4243e81ea8b26e7c (diff)
The HeaderHash optimizations in Rack 1.1 interact badly with
Rails 2.3.5 (and possibly other frameworks/apps) which set
multi-value "Set-Cookie" headers without relying on the proper
methods provided by Rack::Utils.

While this is an issue with Rails not using properly, there
may be similar apps that make this mistake and Rack::Lint
does not guard against it.

Rack-ML-Ref: <>
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/unicorn/http_response.rb b/lib/unicorn/http_response.rb
index 92d4d6d..96e484b 100644
--- a/lib/unicorn/http_response.rb
+++ b/lib/unicorn/http_response.rb
@@ -47,7 +47,8 @@ module Unicorn
         headers.each do |key, value|
           next if SKIP.include?(key.downcase)
           if value =~ /\n/
-            out.concat(value.split(/\n/).map! { |v| "#{key}: #{v}\r\n" })
+            # avoiding blank, key-only cookies with /\n+/
+            out.concat(value.split(/\n+/).map! { |v| "#{key}: #{v}\r\n" })
             out << "#{key}: #{value}\r\n"