author | xibbar <xibbar@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-05-14 23:27:01 +0000 |
---|---|---|
committer | xibbar <xibbar@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-05-14 23:27:01 +0000 |
commit | a4344cb5b45953b750bc7329110b7c44de4f09a0 (patch) | |
tree | 33d4a692eb3454e43ab0b9a98f29a9da44d7f9c6 /lib/cgi | |
parent | d4011b3accfb94a41f5a0cae0ccbb722bfe748c4 (diff) |
* lib/cgi/cookie.rb: Implement HttpOnly flag for cookies.
[fix GH-887] Patch by @martinpovolny
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50496 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/cgi')
-rw-r--r-- | lib/cgi/cookie.rb | 62 |
1 files changed, 39 insertions, 23 deletions
diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
index f74ba13764..eb100be1c2 100644
--- a/lib/cgi/cookie.rb
+++ b/lib/cgi/cookie.rb
@@ -10,29 +10,32 @@ class CGI
 # == Examples of use
 # cookie1 = CGI::Cookie.new("name", "value1", "value2", ...)
 # cookie1 = CGI::Cookie.new("name" => "name", "value" => "value")
- # cookie1 = CGI::Cookie.new('name' => 'name',
- # 'value' => ['value1', 'value2', ...],
- # 'path' => 'path', # optional
- # 'domain' => 'domain', # optional
- # 'expires' => Time.now, # optional
- # 'secure' => true, # optional
+ # cookie1 = CGI::Cookie.new('name' => 'name',
+ # 'value' => ['value1', 'value2', ...],
+ # 'path' => 'path', # optional
+ # 'domain' => 'domain', # optional
+ # 'expires' => Time.now, # optional
+ # 'secure' => true, # optional
+ # 'httponly' => true # optional
 # )
 #
 # cgi.out("cookie" => [cookie1, cookie2]) { "string" }
 #
- # name = cookie1.name
- # values = cookie1.value
- # path = cookie1.path
- # domain = cookie1.domain
- # expires = cookie1.expires
- # secure = cookie1.secure
+ # name = cookie1.name
+ # values = cookie1.value
+ # path = cookie1.path
+ # domain = cookie1.domain
+ # expires = cookie1.expires
+ # secure = cookie1.secure
+ # httponly = cookie1.httponly
 #
- # cookie1.name = 'name'
- # cookie1.value = ['value1', 'value2', ...]
- # cookie1.path = 'path'
- # cookie1.domain = 'domain'
- # cookie1.expires = Time.now + 30
- # cookie1.secure = true
+ # cookie1.name = 'name'
+ # cookie1.value = ['value1', 'value2', ...]
+ # cookie1.path = 'path'
+ # cookie1.domain = 'domain'
+ # cookie1.expires = Time.now + 30
+ # cookie1.secure = true
+ # cookie1.httponly = true
 class Cookie < Array
 @@accept_charset="UTF-8" unless defined?(@@accept_charset)
@@ -60,6 +63,8 @@ class CGI
 # secure:: whether this cookie is a secure cookie or not (default to
 # false). Secure cookies are only transmitted to HTTPS
 # servers.
+ # httponly:: whether this cookie is a HttpOnly cookie or not (default to
+ # false). HttpOnly cookies are not available to javascript.
 #
 # These keywords correspond to attributes of the cookie object.
 def initialize(name = "", *value)
@@ -70,6 +75,7 @@ class CGI
 %r|^(.*/)|.match(ENV["SCRIPT_NAME"])
 @path = ($1 or "")
 @secure = false
+ @httponly = false
 return super(value)
 end
@@ -89,7 +95,8 @@ class CGI
 end
 @domain = options["domain"]
 @expires = options["expires"]
- @secure = options["secure"] == true ? true : false
+ @secure = options["secure"] == true
+ @httponly = options["httponly"] == true
 super(value)
 end
@@ -103,7 +110,9 @@ class CGI
 # Time at which this cookie expires, as a +Time+
 attr_accessor :expires
 # True if this cookie is secure; false otherwise
- attr_reader("secure")
+ attr_reader :secure
+ # True if this cookie is httponly; false otherwise
+ attr_reader :httponly
 # Returns the value or list of values for this cookie.
 def value
@@ -119,8 +128,14 @@ class CGI
 #
 # +val+ must be a boolean.
 def secure=(val)
- @secure = val if val == true or val == false
- @secure
+ @secure = !!val
+ end
+
+ # Set whether the Cookie is a httponly cookie or not.
+ #
+ # +val+ must be a boolean.
+ def httponly=(val)
+ @httponly = !!val
 end
 # Convert the Cookie to its string representation.
@@ -130,7 +145,8 @@ class CGI
 buf << "; domain=#{@domain}" if @domain
 buf << "; path=#{@path}" if @path
 buf << "; expires=#{CGI::rfc1123_date(@expires)}" if @expires
- buf << "; secure" if @secure == true
+ buf << "; secure" if @secure
+ buf << "; HttpOnly" if @httponly
 buf
 end |
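Review bot: The added keyword description `HttpOnly cookies are not available to javascript.` can be read as a broader protection than the attribute gives. The flag only stops client-side script from reading the cookie; the browser still attaches it to every matching request, so it limits cookie theft through injected script but does nothing for request forgery. I would word the line as `# false). HttpOnly cookies cannot be read by client-side script, but are still sent with requests.` Because the default stays `false`, it is also worth saying in the class comment that cookies carrying a session identifier should set it explicitly.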
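Review bot: In the hash branch of `initialize`, `@secure = options["secure"] == true` and `@httponly = options["httponly"] == true` accept only the literal `true`, while the `secure=` and `httponly=` setters added in the later hunk coerce with `!!val`. A caller passing a truthy value such as `1` or `"true"` from configuration gets a cookie without the attribute and no error, so a protective flag fails open on one path and not on the other. I would use the same coercion in both places, `@secure = !!options["secure"]` and `@httponly = !!options["httponly"]`, or state next to the keyword list that only `true` enables the flag. The enclosing method begins above this hunk.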
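Review bot: The comment `+val+ must be a boolean.` above `secure=` is now inaccurate and is copied unchanged onto the new `httponly=`. Both setters store `!!val`, so any truthy value sets the flag and `nil` clears it, whereas the removed `secure=` body ignored non-boolean arguments and returned the current value. Code that relied on `cookie.secure = nil` being a no-op will now drop the Secure attribute from the emitted header. I would change both comments to `# +val+ is interpreted by truthiness; nil or false clears the flag.` and mention the behaviour change in the ChangeLog entry.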