sjs/http-cookie
1
0
Fork 0
mirror of https://github.com/samsonjs/http-cookie.git synced 2026-03-25 08:55:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
324 commits 1 branch 0 tags 450 KiB
Commit graph

70 commits

Author SHA1 Message Date
Mike Dalessio
22ea7af086
fix: be explicit about frozen string literals to quash warnings 2024-03-24 10:02:56 -04:00
Mike Dalessio
cffe3247ef
test: update uri tests with better names 
so we can clearly tell which entry fails
 2024-03-23 21:56:40 -04:00
Akinori MUSHA
8930674adf Change the custom URI parser to be a bit more conservative 
First try the default URI(), and if it fails relax the restrictions on
the path component as a fallback.
 2023-11-02 01:48:31 +09:00
Christian Schmidt
052479536c Allow non-RFC 3986-compliant URLs 2023-10-12 18:34:07 +02:00
Akinori MUSHA
d12449a983 Fix tests in the same way as the YAMLSaver implementation 2022-05-25 15:26:53 +09:00
Akinori MUSHA
7f94a9e5d9 Treat comma as normal character in HTTP::Cookie.cookie_value_to_hash 
As pointed out in CVE-2016-7401, treating comma in a Cookie header value
as separator may cause security problems.
 2016-09-30 19:20:39 +09:00
Akinori MUSHA
391ada20d0 HTTP::Cookie.parse() should not raise an exception if it finds a bad name or value. 2013-09-10 14:48:29 +09:00
Akinori MUSHA
a0202e2192 Cookie#max_age= should not reset #expires when it fails. 2013-04-18 22:22:11 +09:00
Akinori MUSHA
04950f6796 Cookie#new: Reject a mixed case symbol as keyword for simplicity. 
This fixes error with Ruby 1.8.
 2013-04-16 16:39:55 +09:00
Akinori MUSHA
5bdb8f41ae Cookie#new prefers downcased symbols for keywords. 
Test warnings.
 2013-04-16 08:44:48 +09:00
Akinori MUSHA
db58d2c8ab silently(): Use ensure. 2013-04-16 00:04:15 +09:00
Akinori MUSHA
d44218c2e2 Cookie#acceptable? should not raise ArgumentError when it takes no argument. 
Let CookieJar#add convert RuntimeError raised by acceptable? to
ArgumentError.
 2013-04-15 10:29:07 +09:00
Akinori MUSHA
28458101b6 HTTP::Cookie.set_cookie_value: Don't take an origin argument. 2013-04-15 08:54:09 +09:00
Akinori MUSHA
1a05bb4dd0 Add more tests. 2013-04-14 13:40:49 +09:00
Akinori MUSHA
028b77987c Gain more coverage. 2013-04-14 13:02:04 +09:00
Akinori MUSHA
75267e8002 Use assert_send for comparison tests to see what is going on. 2013-04-12 23:18:06 +09:00
Akinori MUSHA
e1857d76a4 Add Cookie.cookie_value and Cookie.cookie_value_to_hash. 2013-04-12 02:15:13 +09:00
Akinori MUSHA
82e65b4a9b Allow assigning nil to the cookie value to make an expiration cookie. 
Cookie.new(): Make the value parameter can be omittable.
 2013-04-12 02:13:08 +09:00
Akinori MUSHA
6689b3b7aa Drop support for obsolete attributes: version and comment. 2013-04-07 23:09:30 +09:00
Akinori MUSHA
9e46ce0d30 Cookie#max_age= should reject malformed strings. 2013-04-07 23:07:20 +09:00
Akinori MUSHA
f5f82c0304 Fix test_parse_bad_version and test_parse_bad_max_age. 2013-04-07 23:02:14 +09:00
Akinori MUSHA
7dba33bd40 Cookie#domain=: Fix handling of an empty string and let it accept nil. 2013-04-03 17:58:41 +09:00
Akinori MUSHA
ffabb614ad Perform acceptance check in CookieJar#add instead of origin=. 
- Cookie#acceptable? is added, which is called by such methods as
  Cookie.parse and CookieJar#add.

- Cookie#origin= no longer raises ArgumentError just because it
  conflicts with the domain.

- Cookie#origin= raises ArgumentError if it is given an object that is
  not URI or string-like.
 2013-04-03 17:57:27 +09:00
Akinori MUSHA
dc65a98907 HTTP::Cookie.parse: Change the signature again. 
I made the uri parameter optional when I introduced the origin
attribute, but on second thought it should always be given.

I'm making the origin parameter fixed and mandatory again, but this
time it comes next to set_cookie.  This order should look more natural
because the one that comes first is to be parsed.

Since Mechanize::Cookie.parse required the uri parameter to be a URI
object, backward compatibility is still possible.
 2013-03-29 01:39:30 +09:00
Akinori MUSHA
ef7bdeefba Cookie#cookie_value too should quote values if necessary. 2013-03-28 22:06:19 +09:00
Akinori MUSHA
11a9df8559 Fix handling of the :for_domain option in HTTP::Cookie.new(). 2013-03-28 01:46:42 +09:00
Akinori MUSHA
c5252649c8 Add some tests that fail to spot bugs. 2013-03-28 00:34:49 +09:00
Akinori MUSHA
619b915a94 Fix test_yaml_expires taking care of time precisions. 2013-03-27 20:08:27 +09:00
Akinori MUSHA
eed7e57813 Use the cookie creation time as base time for Max-Age. 
Now #expire returns created_at + max_age when expires is nil.

Cookie.parse: the :date keyword is renamed to :created_at, and the
value is set to in parsed cookies via #created_at.

In YAML serialization, #max_age is stored.
 2013-03-27 19:50:30 +09:00
Akinori MUSHA
f2ea366de2 Add HTTP::Cookie#dot_domain. 2013-03-26 01:48:27 +09:00
Akinori MUSHA
5b78957e19 Conform to RFC 6265 5.1.4 in that path=/a matches /a/* but not /ab. 
Remove HTTP::Cookie.normalize_path and add HTTP::Cookie.path_match?
instead for comparison.
 2013-03-23 02:02:56 +09:00
Akinori MUSHA
4cbea79c00 Improve tests for valid_for_uri?. 2013-03-23 01:54:58 +09:00
Akinori MUSHA
d47e2fe8ad Add tests for #path. 2013-03-23 01:39:46 +09:00
Akinori MUSHA
38f7e98f09 Replace compatibility errors with documentation. 
Leave compatibility stuff to Mechanize itself and just keep
http-cookie clean.
 2013-03-23 00:27:38 +09:00
Akinori MUSHA
ddf74fee1e Rewrite the Set-Cookie header parser entirely. 
The new parser is almost RFC 6265 compliant as the previous
implementation but has some extensions:

- It can parse double-quoted values with unsafe characters inside
  escaped with the backslash.

- It parses a date value of the expires attribute in the way the RFC
  describes, with an exception that it allows omission of the seconds
  field.  Some of the broken date representations that used to pass
  are now treated as error and ignored.

- It can parse a Set-Cookie value that contains multiple cookie
  definitions separated by comma, and commas put inside double quotes
  are not mistaken as definition separator.
 2013-03-21 15:52:22 +09:00
Akinori MUSHA
66f37b20dd Rename expire to expire!, to reduce the risk of making a typo. 2013-03-21 15:46:45 +09:00
Akinori MUSHA
5d0bc5f67d Disallow some more bad characters in name=/value=. 2013-03-21 15:46:45 +09:00
Akinori MUSHA
cc6780a5bc A relative path must be treated as the root path as per RFC 6265 5.1.4. 2013-03-21 15:46:45 +09:00
Akinori MUSHA
f14c1786cd Make expires and max_age affect each other and drop session=(). 2013-03-21 15:46:45 +09:00
Akinori MUSHA
ceea67add9 Drop multi-byte characters from the test, which are not allowed. 2013-03-21 15:46:45 +09:00
Akinori MUSHA
7d81c10914 A cookie value may be DQUOTE'd as per RFC 6265 2.2. 
Escaping with the backslash character is not mentioned in the RFC but
the backslash character is not allowed here anyway, so just be nice
and support it for legacy applications.
 2013-03-21 15:46:45 +09:00
Akinori MUSHA
dff0f57614 Delete trailing whitespace. 2013-03-18 00:43:52 +09:00
Akinori MUSHA
c389a52e2c Drop dependency on WEBrick::HTTPUtils. 2013-03-18 00:09:01 +09:00
Akinori MUSHA
6d3f4ee2dd parse() ignores bad cookies. 2013-03-18 00:06:20 +09:00
Akinori MUSHA
4a5eb9801a Test that parse() actually returns a cookie. 2013-03-18 00:05:31 +09:00
Akinori MUSHA
b86690cb21 Check if the scheme is http(s) and the host is non-nil in URI. 2013-03-15 11:21:57 +09:00
Akinori MUSHA
c0d5f3a121 Add error messages to make migration from Mechanize::Cookie easier. 
Add a section to elaborate on the incompatibilities to README.md.
 2013-03-15 05:53:11 +09:00
Akinori MUSHA
3b38cd2ffd Use multi-assignment. 2013-03-15 04:20:59 +09:00
Akinori MUSHA
a831fc424c Add HTTP::Cookie#set_cookie_value, and alias #cookie_value to #to_s. 2013-03-15 04:20:59 +09:00
Akinori MUSHA
1fcf008cf0 Make HTTP::Cookie#expired? optionally take a time. 2013-03-15 04:20:59 +09:00