From 6d8fb94f8327cc531a0c0c40ec0306e674dd2a0a Mon Sep 17 00:00:00 2001
From: Akinori MUSHA
Date: Tue, 12 Mar 2013 00:22:42 +0900
Subject: [PATCH] Add support for the HttpOnly attribute. New methods are added to HTTP::Cookie: httponly?, httponly=
---
lib/http/cookie.rb | 20 +++++++++++++-------
test/test_http_cookie.rb | 5 +++++
2 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/lib/http/cookie.rb b/lib/http/cookie.rb
index a62e07b..4d70b69 100644
--- a/lib/http/cookie.rb
+++ b/lib/http/cookie.rb
@@ -12,7 +12,7 @@ class HTTP::Cookie PERSISTENT_PROPERTIES = %w[ name value domain for_domain path - secure + secure httponly expires created_at accessed_at ] True = "TRUE"
@@ -48,7 +48,7 @@ class HTTP::Cookie include URIFix if defined?(URIFix) attr_reader :name, :domain, :path, :origin - attr_accessor :secure, :value, :version + attr_accessor :secure, :httponly, :value, :version attr_reader :domain_name attr_accessor :comment, :max_age
@@ -75,8 +75,10 @@ class HTTP::Cookie def initialize(*args) @version = 0 # Netscape Cookie - @origin = @domain = @path = @secure = @comment = @max_age = - @expires = nil + @origin = @domain = @path = + @secure = @httponly = + @expires = @max_age = + @comment = nil @created_at = @accessed_at = Time.now case args.size
@@ -200,14 +202,17 @@ class HTTP::Cookie end when 'secure' cookie.secure = true + when 'httponly' + cookie.httponly = true end end - cookie.secure ||= false + cookie.secure ||= false + cookie.httponly ||= false # RFC 6265 4.1.2.2 - cookie.expires = Time.now + cookie.max_age if cookie.max_age - cookie.session = !cookie.expires + cookie.expires = Time.now + cookie.max_age if cookie.max_age + cookie.session = !cookie.expires if origin begin
@@ -326,6 +331,7 @@ class HTTP::Cookie end alias secure? secure + alias httponly? httponly def acceptable_from_uri?(uri) uri = URI(uri)
diff --git a/test/test_http_cookie.rb b/test/test_http_cookie.rb
index eef80e6..1bedead 100644
--- a/test/test_http_cookie.rb
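Review bot: The `httponly` accessor added in the `@@ -48,7` hunk carries no comment on what the flag means for consumers, and nothing visible in this patch restricts how a flagged cookie is handed out. RFC 6265 has user agents withhold HttpOnly cookies from non-HTTP (script) APIs, so a caller that exposes the jar to a scripting layer has to check `httponly?` itself unless enforcement lives outside these hunks. I would document that on the accessor, e.g. `# True if the cookie was set with the HttpOnly attribute; such a cookie must not be exposed to non-HTTP (script) APIs.` The class body continues outside the hunk.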
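Review bot: `initialize` in the `@@ -75,8` hunk leaves `@httponly` as `nil`, and `alias httponly? httponly` in the `@@ -326,6` hunk returns the raw instance variable, so a cookie built with `new` answers `nil` from `httponly?` while a parsed one answers `false` after `cookie.httponly ||= false`. Both are falsy, but strict comparisons such as the `assert_equal` calls in the tests, and whatever serialises `PERSISTENT_PROPERTIES`, would see two different values for "not HttpOnly". Defining `def httponly?; !!@httponly; end` instead of the alias gives the predicate a single boolean contract; `secure` follows the same nil-default pattern and may deserve the same treatment. Both `initialize` and the class body run past these hunks.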
+++ b/test/test_http_cookie.rb
@@ -284,6 +284,7 @@ class TestHTTPCookie < Test::Unit::TestCase assert_equal('/', cookie.path) assert_equal(keys.include?('expires') ? @expires : nil, cookie.expires) + assert_equal(keys.include?('httponly'), cookie.httponly?) end end
@@ -302,6 +303,7 @@ class TestHTTPCookie < Test::Unit::TestCase assert_equal('/', cookie.path) assert_equal(keys.include?('expires') ? @expires : nil, cookie.expires) + assert_equal(keys.include?('httponly'), cookie.httponly?) end end
@@ -321,6 +323,7 @@ class TestHTTPCookie < Test::Unit::TestCase assert_equal('/', cookie.path) assert_equal(keys.include?('expires') ? @expires : nil, cookie.expires) + assert_equal(keys.include?('httponly'), cookie.httponly?) end end
@@ -341,6 +344,7 @@ class TestHTTPCookie < Test::Unit::TestCase assert_equal(true, cookie.secure) assert_equal(keys.include?('expires') ? @expires : nil, cookie.expires) + assert_equal(keys.include?('httponly'), cookie.httponly?) end end
@@ -358,6 +362,7 @@ class TestHTTPCookie < Test::Unit::TestCase assert_equal('/', cookie.path) assert_equal(keys.include?('expires') ? @expires : nil, cookie.expires) + assert_equal(keys.include?('httponly'), cookie.httponly?) end end
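Review bot: The assertion added in the `@@ -284,6` hunk, and repeated in `@@ -302,6`, `@@ -321,6`, `@@ -341,6` and `@@ -358,6`, only checks the flag on cookies produced by parsing. The patch also adds `httponly` to `PERSISTENT_PROPERTIES` and to `initialize`, and neither path is exercised here: a test that a stored cookie keeps its flag across a save and reload, and that a record written without the field loads as not HttpOnly, would guard the persistence change. Whether the header fixtures use the usual mixed-case `HttpOnly` spelling is not visible in these hunks; if they are all lowercase, one mixed-case fixture with `assert_equal(true, cookie.httponly?)` is worth adding. The test methods start and end outside the hunks.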