summaryrefslogtreecommitdiff
path: root/lib/cgi/cookie.rb
diff options
context:
space:
mode:
authorxibbar <xibbar@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2015-05-14 23:27:01 +0000
committerxibbar <xibbar@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2015-05-14 23:27:01 +0000
commita4344cb5b45953b750bc7329110b7c44de4f09a0 (patch)
tree33d4a692eb3454e43ab0b9a98f29a9da44d7f9c6 /lib/cgi/cookie.rb
parentd4011b3accfb94a41f5a0cae0ccbb722bfe748c4 (diff)
* lib/cgi/cookie.rb: Implement HttpOnly flag for cookies.
[fix GH-887] Patch by @martinpovolny git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50496 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/cgi/cookie.rb')
-rw-r--r--lib/cgi/cookie.rb62
1 files changed, 39 insertions, 23 deletions
diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
index f74ba13764a..eb100be1c2f 100644
--- a/lib/cgi/cookie.rb
+++ b/lib/cgi/cookie.rb
@@ -10,29 +10,32 @@ class CGI
# == Examples of use
# cookie1 = CGI::Cookie.new("name", "value1", "value2", ...)
# cookie1 = CGI::Cookie.new("name" => "name", "value" => "value")
- # cookie1 = CGI::Cookie.new('name' => 'name',
- # 'value' => ['value1', 'value2', ...],
- # 'path' => 'path', # optional
- # 'domain' => 'domain', # optional
- # 'expires' => Time.now, # optional
- # 'secure' => true, # optional
+ # cookie1 = CGI::Cookie.new('name' => 'name',
+ # 'value' => ['value1', 'value2', ...],
+ # 'path' => 'path', # optional
+ # 'domain' => 'domain', # optional
+ # 'expires' => Time.now, # optional
+ # 'secure' => true, # optional
+ # 'httponly' => true # optional
# )
#
# cgi.out("cookie" => [cookie1, cookie2]) { "string" }
#
- # name = cookie1.name
- # values = cookie1.value
- # path = cookie1.path
- # domain = cookie1.domain
- # expires = cookie1.expires
- # secure = cookie1.secure
+ # name = cookie1.name
+ # values = cookie1.value
+ # path = cookie1.path
+ # domain = cookie1.domain
+ # expires = cookie1.expires
+ # secure = cookie1.secure
+ # httponly = cookie1.httponly
#
- # cookie1.name = 'name'
- # cookie1.value = ['value1', 'value2', ...]
- # cookie1.path = 'path'
- # cookie1.domain = 'domain'
- # cookie1.expires = Time.now + 30
- # cookie1.secure = true
+ # cookie1.name = 'name'
+ # cookie1.value = ['value1', 'value2', ...]
+ # cookie1.path = 'path'
+ # cookie1.domain = 'domain'
+ # cookie1.expires = Time.now + 30
+ # cookie1.secure = true
+ # cookie1.httponly = true
class Cookie < Array
@@accept_charset="UTF-8" unless defined?(@@accept_charset)
@@ -60,6 +63,8 @@ class CGI
# secure:: whether this cookie is a secure cookie or not (default to
# false). Secure cookies are only transmitted to HTTPS
# servers.
+ # httponly:: whether this cookie is a HttpOnly cookie or not (default to
+ # false). HttpOnly cookies are not available to javascript.
#
# These keywords correspond to attributes of the cookie object.
def initialize(name = "", *value)
@@ -70,6 +75,7 @@ class CGI
%r|^(.*/)|.match(ENV["SCRIPT_NAME"])
@path = ($1 or "")
@secure = false
+ @httponly = false
return super(value)
end
@@ -89,7 +95,8 @@ class CGI
end
@domain = options["domain"]
@expires = options["expires"]
- @secure = options["secure"] == true ? true : false
+ @secure = options["secure"] == true
+ @httponly = options["httponly"] == true
super(value)
end
@@ -103,7 +110,9 @@ class CGI
# Time at which this cookie expires, as a +Time+
attr_accessor :expires
# True if this cookie is secure; false otherwise
- attr_reader("secure")
+ attr_reader :secure
+ # True if this cookie is httponly; false otherwise
+ attr_reader :httponly
# Returns the value or list of values for this cookie.
def value
@@ -119,8 +128,14 @@ class CGI
#
# +val+ must be a boolean.
def secure=(val)
- @secure = val if val == true or val == false
- @secure
+ @secure = !!val
+ end
+
+ # Set whether the Cookie is a httponly cookie or not.
+ #
+ # +val+ must be a boolean.
+ def httponly=(val)
+ @httponly = !!val
end
# Convert the Cookie to its string representation.
@@ -130,7 +145,8 @@ class CGI
buf << "; domain=#{@domain}" if @domain
buf << "; path=#{@path}" if @path
buf << "; expires=#{CGI::rfc1123_date(@expires)}" if @expires
- buf << "; secure" if @secure == true
+ buf << "; secure" if @secure
+ buf << "; HttpOnly" if @httponly
buf
end