sjs/http-cookie
1
0
Fork 0
mirror of https://github.com/samsonjs/http-cookie.git synced 2026-04-27 14:57:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Disallow changing the origin of a cookie once it is set.

Browse source
This commit is contained in:
Akinori MUSHA 2012-10-17 22:28:57 +09:00
parent 532101a102
commit 1a471513de
2 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/http/cookie.rb
View file

@ -220,6 +220,8 @@ class HTTP::Cookie
end end
def origin=(origin) def origin=(origin)
@origin.nil? or
raise ArgumentError, "origin cannot be changed once it is set"
origin = URI(origin) origin = URI(origin)
acceptable_from_uri?(origin) or acceptable_from_uri?(origin) or
raise ArgumentError, "unacceptable cookie sent from URI #{origin}" raise ArgumentError, "unacceptable cookie sent from URI #{origin}"

3
test/test_http_cookie.rb
View file

@ -505,6 +505,9 @@ class TestHTTPCookie < Test::Unit::TestCase
assert_equal '/', cookie.path assert_equal '/', cookie.path
assert_equal 'example.com', cookie.domain assert_equal 'example.com', cookie.domain
assert_equal true, cookie.for_domain assert_equal true, cookie.for_domain
assert_raises(ArgumentError) {
cookie.origin = URI.parse('http://www.example.com/')
}
cookie_str = 'a=b; domain=example.com' cookie_str = 'a=b; domain=example.com'
cookie = HTTP::Cookie.parse(cookie_str).first cookie = HTTP::Cookie.parse(cookie_str).first