Inhibit a domain-less cookie from being used for checking validity.

Akinori MUSHA 2012-10-18 19:00:33 +09:00
parent c3e4fae60c
commit dd3ca9a0f1
2 changed files with 11 additions and 1 deletions


@ -265,8 +265,11 @@ class HTTP::Cookie
def valid_for_uri?(uri) def valid_for_uri?(uri)
uri = URI(uri) uri = URI(uri)
if @domain.nil?
raise "cannot tell if this cookie is valid because the domain is unknown"
end
return false if secure? && uri.scheme != 'https' return false if secure? && uri.scheme != 'https'
acceptable_from_uri?(uri) && (@path.nil? || uri.path.start_with?(@path)) acceptable_from_uri?(uri) && uri.path.start_with?(@path)
end end
def to_s def to_s
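Review bot: The path test on the last line of `valid_for_uri?` is a plain prefix match, so a cookie scoped to `/foo` is also treated as valid for a request to `/foobar`; RFC 6265 section 5.1.4 allows the match only when the paths are equal, the cookie path ends in `/`, or the next character of the request path is `/`. Both variants of that line shown on this page call `uri.path.start_with?(@path)`, so this applies whichever one is the new side. A stricter form of the path clause would be `uri.path == @path || (uri.path.start_with?(@path) && (@path.end_with?('/') || uri.path[@path.length, 1] == '/'))`. If the new side is the variant without the `@path.nil? ||` guard (the page does not mark sides), a cookie with no path would raise a TypeError from `start_with?(nil)` instead of giving an answer, so either keep the guard or make sure `@path` always has a default before this method runs.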


@ -465,6 +465,13 @@ class TestHTTPCookie < Test::Unit::TestCase
assert_equal true, cookie.for_domain? assert_equal true, cookie.for_domain?
end end
def test_domain_nil
cookie = HTTP::Cookie.parse('a=b').first
assert_raises(RuntimeError) {
cookie.valid_for_uri?('http://example.com/')
}
end
def test_domain= def test_domain=
url = URI.parse('http://host.dom.example.com:8080/') url = URI.parse('http://host.dom.example.com:8080/')