diff options
author | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2012-03-19 16:28:15 -0300 |
---|---|---|
committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2012-03-19 16:31:57 -0300 |
commit | 6e04a78462cc41160c094f79cb3433051c38369f (patch) | |
tree | c6db5898cdbd709f10c02e6691600474d2d59335 /actionpack | |
parent | 139bf55b26e3a415c11fcf631c2dead81bd9df67 (diff) | |
download | rails-6e04a78462cc41160c094f79cb3433051c38369f.tar.gz rails-6e04a78462cc41160c094f79cb3433051c38369f.tar.bz2 rails-6e04a78462cc41160c094f79cb3433051c38369f.zip |
Fix secure cookies when there are more than one space before the secure
keyword
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/ssl.rb | 2 | ||||
-rw-r--r-- | actionpack/test/dispatch/ssl_test.rb | 28 |
2 files changed, 29 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/ssl.rb b/actionpack/lib/action_dispatch/middleware/ssl.rb index 39b27ecbf9..9098f4e170 100644 --- a/actionpack/lib/action_dispatch/middleware/ssl.rb +++ b/actionpack/lib/action_dispatch/middleware/ssl.rb @@ -58,7 +58,7 @@ module ActionDispatch cookies = cookies.split("\n") headers['Set-Cookie'] = cookies.map { |cookie| - if cookie !~ /; secure(;|$)/ + if cookie !~ /;\s+secure(;|$)/ "#{cookie}; secure" else cookie diff --git a/actionpack/test/dispatch/ssl_test.rb b/actionpack/test/dispatch/ssl_test.rb index f4cfa75501..6f075a9074 100644 --- a/actionpack/test/dispatch/ssl_test.rb +++ b/actionpack/test/dispatch/ssl_test.rb @@ -84,6 +84,34 @@ class SSLTest < ActionDispatch::IntegrationTest response.headers['Set-Cookie'].split("\n") end + def test_flag_cookies_as_secure_with_more_spaces_before + self.app = ActionDispatch::SSL.new(lambda { |env| + headers = { + 'Content-Type' => "text/html", + 'Set-Cookie' => "problem=def; path=/; HttpOnly; secure" + } + [200, headers, ["OK"]] + }) + + get "https://example.org/" + assert_equal ["problem=def; path=/; HttpOnly; secure"], + response.headers['Set-Cookie'].split("\n") + end + + def test_flag_cookies_as_secure_with_more_spaces_after + self.app = ActionDispatch::SSL.new(lambda { |env| + headers = { + 'Content-Type' => "text/html", + 'Set-Cookie' => "problem=def; path=/; secure; HttpOnly" + } + [200, headers, ["OK"]] + }) + + get "https://example.org/" + assert_equal ["problem=def; path=/; secure; HttpOnly"], + response.headers['Set-Cookie'].split("\n") + end + def test_no_cookies self.app = ActionDispatch::SSL.new(lambda { |env| [200, {'Content-Type' => "text/html"}, ["OK"]] |