aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/cgi_ext/cookie.rb
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack/lib/action_controller/cgi_ext/cookie.rb')
-rw-r--r--actionpack/lib/action_controller/cgi_ext/cookie.rb58
1 files changed, 22 insertions, 36 deletions
diff --git a/actionpack/lib/action_controller/cgi_ext/cookie.rb b/actionpack/lib/action_controller/cgi_ext/cookie.rb
index 68ac7062f8..67ba9da829 100644
--- a/actionpack/lib/action_controller/cgi_ext/cookie.rb
+++ b/actionpack/lib/action_controller/cgi_ext/cookie.rb
@@ -3,6 +3,9 @@ CGI.module_eval { remove_const "Cookie" }
# TODO: document how this differs from stdlib CGI::Cookie
class CGI #:nodoc:
class Cookie < DelegateClass(Array)
+ attr_accessor :name, :value, :path, :domain, :expires
+ attr_reader :secure, :http_only
+
# Create a new CGI::Cookie object.
#
# The contents of the cookie can be specified as a +name+ and one
@@ -19,7 +22,9 @@ class CGI #:nodoc:
# secure:: whether this cookie is a secure cookie or not (default to
# false). Secure cookies are only transmitted to HTTPS
# servers.
- #
+ # http_only:: whether this cookie can be accessed by client side scripts (e.g. document.cookie) or only over HTTP
+ # More details: http://msdn2.microsoft.com/en-us/library/system.web.httpcookie.httponly.aspx
+ # Defaults to false.
# These keywords correspond to attributes of the cookie object.
def initialize(name = '', *value)
if name.kind_of?(String)
@@ -28,6 +33,7 @@ class CGI #:nodoc:
@domain = nil
@expires = nil
@secure = false
+ @http_only = false
@path = nil
else
@name = name['name']
@@ -35,12 +41,11 @@ class CGI #:nodoc:
@domain = name['domain']
@expires = name['expires']
@secure = name['secure'] || false
+ @http_only = name['http_only'] || false
@path = name['path']
end
- unless @name
- raise ArgumentError, "`name' required"
- end
+ raise ArgumentError, "`name' required" unless @name
# simple support for IE
unless @path
@@ -55,45 +60,26 @@ class CGI #:nodoc:
@_dc_obj = obj
end
- attr_accessor("name", "value", "path", "domain", "expires")
- attr_reader("secure")
-
# Set whether the Cookie is a secure cookie or not.
- #
- # +val+ must be a boolean.
def secure=(val)
- @secure = val if val == true or val == false
- @secure
+ @secure = val == true
+ end
+
+ # Set whether the Cookie is an HTTP only cookie or not.
+ def http_only=(val)
+ @http_only = val == true
end
# Convert the Cookie to its string representation.
def to_s
- buf = ""
+ buf = ''
buf << @name << '='
-
- if @value.kind_of?(String)
- buf << CGI::escape(@value)
- else
- buf << @value.collect{|v| CGI::escape(v) }.join("&")
- end
-
- if @domain
- buf << '; domain=' << @domain
- end
-
- if @path
- buf << '; path=' << @path
- end
-
- if @expires
- buf << '; expires=' << CGI::rfc1123_date(@expires)
- end
-
- if @secure == true
- buf << '; secure'
- end
-
- buf
+ buf << (@value.kind_of?(String) ? CGI::escape(@value) : @value.collect{|v| CGI::escape(v) }.join("&"))
+ buf << '; domain=' << @domain if @domain
+ buf << '; path=' << @path if @path
+ buf << '; expires=' << CGI::rfc1123_date(@expires) if @expires
+ buf << '; secure' if @secure
+ buf << '; HttpOnly' if @http_only
end
# Parse a raw cookie string into a hash of cookie-name=>Cookie