Add support for the HttpOnly attribute.

New methods are added to HTTP::Cookie: httponly?, httponly=
2026-03-25 08:55:53 +00:00 · 2013-03-12 00:22:42 +09:00 · 2013-03-12 00:22:42 +09:00 · 6d8fb94f83
commit 6d8fb94f83
parent 2af7ffa907
2 changed files with 18 additions and 7 deletions
--- a/lib/http/cookie.rb
+++ b/lib/http/cookie.rb
@ -12,7 +12,7 @@ class HTTP::Cookie
  PERSISTENT_PROPERTIES = %w[
    name        value
    domain      for_domain  path
-    secure
+    secure      httponly
    expires     created_at  accessed_at
  ]
  True  = "TRUE"
@ -48,7 +48,7 @@ class HTTP::Cookie
  include URIFix if defined?(URIFix)

  attr_reader :name, :domain, :path, :origin
-  attr_accessor :secure, :value, :version
+  attr_accessor :secure, :httponly, :value, :version
  attr_reader :domain_name
  attr_accessor :comment, :max_age

@ -75,8 +75,10 @@ class HTTP::Cookie
  def initialize(*args)
    @version = 0     # Netscape Cookie

-    @origin = @domain = @path = @secure = @comment = @max_age =
-      @expires = nil
+    @origin = @domain = @path =
+      @secure = @httponly =
+      @expires = @max_age =
+      @comment = nil

    @created_at = @accessed_at = Time.now
    case args.size
@ -200,14 +202,17 @@ class HTTP::Cookie
              end
            when 'secure'
              cookie.secure = true
+            when 'httponly'
+              cookie.httponly = true
            end
          end

-          cookie.secure  ||= false
+          cookie.secure   ||= false
+          cookie.httponly ||= false

          # RFC 6265 4.1.2.2
-          cookie.expires   = Time.now + cookie.max_age if cookie.max_age
-          cookie.session   = !cookie.expires
+          cookie.expires    = Time.now + cookie.max_age if cookie.max_age
+          cookie.session    = !cookie.expires

          if origin
            begin
@ -326,6 +331,7 @@ class HTTP::Cookie
  end

  alias secure? secure
+  alias httponly? httponly

  def acceptable_from_uri?(uri)
    uri = URI(uri)
--- a/test/test_http_cookie.rb
+++ b/test/test_http_cookie.rb
@ -284,6 +284,7 @@ class TestHTTPCookie < Test::Unit::TestCase
      assert_equal('/', cookie.path)

      assert_equal(keys.include?('expires') ? @expires : nil, cookie.expires)
+      assert_equal(keys.include?('httponly'), cookie.httponly?)
    end
  end

@ -302,6 +303,7 @@ class TestHTTPCookie < Test::Unit::TestCase
      assert_equal('/', cookie.path)

      assert_equal(keys.include?('expires') ? @expires : nil, cookie.expires)
+      assert_equal(keys.include?('httponly'), cookie.httponly?)
    end
  end

@ -321,6 +323,7 @@ class TestHTTPCookie < Test::Unit::TestCase
      assert_equal('/', cookie.path)

      assert_equal(keys.include?('expires') ? @expires : nil, cookie.expires)
+      assert_equal(keys.include?('httponly'), cookie.httponly?)
    end
  end

@ -341,6 +344,7 @@ class TestHTTPCookie < Test::Unit::TestCase
      assert_equal(true, cookie.secure)

      assert_equal(keys.include?('expires') ? @expires : nil, cookie.expires)
+      assert_equal(keys.include?('httponly'), cookie.httponly?)
    end
  end

@ -358,6 +362,7 @@ class TestHTTPCookie < Test::Unit::TestCase
      assert_equal('/', cookie.path)

      assert_equal(keys.include?('expires') ? @expires : nil, cookie.expires)
+      assert_equal(keys.include?('httponly'), cookie.httponly?)
    end
  end