author | Joshua Peek <josh@joshpeek.com> | 2008-12-20 21:25:09 -0600 |
---|---|---|
committer | Joshua Peek <josh@joshpeek.com> | 2008-12-20 21:25:47 -0600 |
commit | 3b317b7100c9a416f4e3545f3844f0c0743acdb2 (patch) | |
tree | b94cd268610a51756fc6418f1983a333e37420a1 /actionpack/lib/action_controller/response.rb | |
parent | 606cd61b9a2a710a27c2e482b5dace100cce9779 (diff) | |
Switch to Rack::Response#set_cookie instead of using CGI::Cookie to build cookie headers
Diffstat (limited to 'actionpack/lib/action_controller/response.rb')
-rw-r--r-- | actionpack/lib/action_controller/response.rb | 54 |
1 files changed, 34 insertions, 20 deletions
diff --git a/actionpack/lib/action_controller/response.rb b/actionpack/lib/action_controller/response.rb index 866616bac3..64319fe102 100644 --- a/actionpack/lib/action_controller/response.rb +++ b/actionpack/lib/action_controller/response.rb @@ -34,14 +34,14 @@ module ActionController # :nodoc: DEFAULT_HEADERS = { "Cache-Control" => "no-cache" } attr_accessor :request - attr_accessor :session, :cookies, :assigns, :template, :layout + attr_accessor :session, :assigns, :template, :layout attr_accessor :redirected_to, :redirected_to_method_params delegate :default_charset, :to => 'ActionController::Base' def initialize @status = 200 - @header = DEFAULT_HEADERS.merge("cookie" => []) + @header = DEFAULT_HEADERS.dup @writer = lambda { |x| @body << x } @block = nil @@ -143,10 +143,9 @@ module ActionController # :nodoc: handle_conditional_get! set_content_length! convert_content_type! - convert_language! convert_expires! - set_cookies! + convert_cookies! end def each(&callback) 
@@ -168,6 +167,35 @@ module ActionController # :nodoc: str end + # Over Rack::Response#set_cookie to add HttpOnly option + def set_cookie(key, value) + case value + when Hash + domain = "; domain=" + value[:domain] if value[:domain] + path = "; path=" + value[:path] if value[:path] + # According to RFC 2109, we need dashes here. + # N.B.: cgi.rb uses spaces... + expires = "; expires=" + value[:expires].clone.gmtime. + strftime("%a, %d-%b-%Y %H:%M:%S GMT") if value[:expires] + secure = "; secure" if value[:secure] + httponly = "; HttpOnly" if value[:http_only] + value = value[:value] + end + value = [value] unless Array === value + cookie = ::Rack::Utils.escape(key) + "=" + + value.map { |v| ::Rack::Utils.escape v }.join("&") + + "#{domain}#{path}#{expires}#{secure}#{httponly}" + + case self["Set-Cookie"] + when Array + self["Set-Cookie"] << cookie + when String + self["Set-Cookie"] = [self["Set-Cookie"], cookie] + when nil + self["Set-Cookie"] = cookie + end + end + private def handle_conditional_get! if etag? || last_modified? @@ -217,22 +245,8 @@ module ActionController # :nodoc: headers["Expires"] = headers.delete("") if headers["expires"] end - def set_cookies! - # Convert 'cookie' header to 'Set-Cookie' headers. - # Because Set-Cookie header can appear more the once in the response body, - # we store it in a line break separated string that will be translated to - # multiple Set-Cookie header by the handler. - if cookie = headers.delete('cookie') - cookies = [] - - case cookie - when Array then cookie.each { |c| cookies << c.to_s } - when Hash then cookie.each { |_, c| cookies << c.to_s } - else cookies << cookie.to_s - end - - headers['Set-Cookie'] = [headers['Set-Cookie'], cookies].flatten.compact - end + def convert_cookies! + headers['Set-Cookie'] = Array(headers['Set-Cookie']).compact end end end |
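Review bot: In the new `set_cookie`, the `:domain` and `:path` values are concatenated into the header unchanged (`"; domain=" + value[:domain]`), while only the key and the value go through `::Rack::Utils.escape`. If either attribute is ever derived from request data, a `;` or a line break in it would append extra cookie attributes or split the header. A guard at the top of the `when Hash` branch would close that, for example `raise ArgumentError, "invalid cookie attribute" if [value[:domain], value[:path]].compact.any? { |a| a.to_s =~ /[;\r\n]/ }`. The leading comment presumably means "Override Rack::Response#set_cookie", and it should also say that `secure` and `HttpOnly` are emitted only when the caller passes `:secure` / `:http_only`, so session-bearing cookies need those options set explicitly.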
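Review bot: `convert_cookies!` assigns `headers['Set-Cookie']` unconditionally, so a response that set no cookie ends up with `Set-Cookie => []`, where the removed `set_cookies!` touched the header only when a `cookie` entry existed. How an empty array is serialized depends on the handler, which is not visible here, so it is safer to skip the assignment: `cookies = Array(headers['Set-Cookie']).compact` followed by `headers['Set-Cookie'] = cookies unless cookies.empty?`. Any code that still writes to the old `headers['cookie']` key is no longer converted and its cookies would be dropped silently; a short comment on the method saying so would help whoever debugs a missing session cookie.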