Commit graph

36 commits

Author SHA1 Message Date
Akinori MUSHA
ddf74fee1e Rewrite the Set-Cookie header parser entirely.
The new parser is almost RFC 6265 compliant as the previous
implementation but has some extensions:

- It can parse double-quoted values with unsafe characters inside
  escaped with the backslash.

- It parses a date value of the expires attribute in the way the RFC
  describes, with an exception that it allows omission of the seconds
  field.  Some of the broken date representations that used to pass
  are now treated as errors and ignored.

- It can parse a Set-Cookie value that contains multiple cookie
  definitions separated by commas, and commas put inside double quotes
  are not mistaken for definition separators.
2013-03-21 15:52:22 +09:00
Akinori MUSHA
66f37b20dd Rename expire to expire!, to reduce the risk of making a typo. 2013-03-21 15:46:45 +09:00
Akinori MUSHA
5d0bc5f67d Disallow some more bad characters in name=/value=. 2013-03-21 15:46:45 +09:00
Akinori MUSHA
cc6780a5bc A relative path must be treated as the root path as per RFC 6265 5.1.4. 2013-03-21 15:46:45 +09:00
Akinori MUSHA
f14c1786cd Make expires and max_age affect each other and drop session=(). 2013-03-21 15:46:45 +09:00
Akinori MUSHA
ceea67add9 Drop multi-byte characters from the test, which are not allowed. 2013-03-21 15:46:45 +09:00
Akinori MUSHA
7d81c10914 A cookie value may be DQUOTE'd as per RFC 6265 2.2.
Escaping with the backslash character is not mentioned in the RFC but
the backslash character is not allowed here anyway, so just be nice
and support it for legacy applications.
2013-03-21 15:46:45 +09:00
Akinori MUSHA
dff0f57614 Delete trailing whitespace. 2013-03-18 00:43:52 +09:00
Akinori MUSHA
c389a52e2c Drop dependency on WEBrick::HTTPUtils. 2013-03-18 00:09:01 +09:00
Akinori MUSHA
6d3f4ee2dd parse() ignores bad cookies. 2013-03-18 00:06:20 +09:00
Akinori MUSHA
4a5eb9801a Test that parse() actually returns a cookie. 2013-03-18 00:05:31 +09:00
Akinori MUSHA
b86690cb21 Check if the scheme is http(s) and the host is non-nil in URI. 2013-03-15 11:21:57 +09:00
Akinori MUSHA
c0d5f3a121 Add error messages to make migration from Mechanize::Cookie easier.
Add a section to elaborate on the incompatibilities to README.md.
2013-03-15 05:53:11 +09:00
Akinori MUSHA
3b38cd2ffd Use multi-assignment. 2013-03-15 04:20:59 +09:00
Akinori MUSHA
a831fc424c Add HTTP::Cookie#set_cookie_value, and alias #cookie_value to #to_s. 2013-03-15 04:20:59 +09:00
Akinori MUSHA
1fcf008cf0 Make HTTP::Cookie#expired? optionally take a time. 2013-03-15 04:20:59 +09:00
Akinori MUSHA
d8be652a92 Add HTTP::Cookie#expire. 2013-03-15 04:20:58 +09:00
Akinori MUSHA
84d375e3b7 Make HTTP::Cookie.parse() reject cookies longer than 4096 bytes.
This limit is defined as HTTP::Cookie::MAX_LENGTH.
2013-03-15 04:20:58 +09:00
Akinori MUSHA
10e9ca5c60 Add HTTP::Cookie#session? as an alias for #session. 2013-03-15 04:20:58 +09:00
Akinori MUSHA
9d842404e3 Fix <=> so that two cookies of different values are not equal. 2013-03-12 18:32:18 +09:00
Akinori MUSHA
ea4759bd27 Add a test for <=>. 2013-03-12 18:32:18 +09:00
Akinori MUSHA
7554bffb32 Allow passing a base time to HTTP::Cookie.parse() via :date. 2013-03-12 18:32:18 +09:00
Akinori MUSHA
6d8fb94f83 Add support for the HttpOnly attribute.
New methods are added to HTTP::Cookie: httponly?, httponly=
2013-03-12 18:32:18 +09:00
Akinori MUSHA
2af7ffa907 Refactor the test code. 2013-03-12 18:32:18 +09:00
Akinori MUSHA
fa45e028a7 Treat an empty path as '/'.
HTTP::CookieJar#cookies: Do not modify a given URI.  Remove a
redundant cleanup() call.
2012-10-22 14:21:46 +09:00
Akinori MUSHA
a47a849387 Define HTTP::Cookie#name= with validation. 2012-10-22 03:52:25 +09:00
Akinori MUSHA
a342680e4e Fix and move some tests from test_http_cookie_jar.rb to test_http_cookie.rb. 2012-10-22 02:38:08 +09:00
Akinori MUSHA
dd3ca9a0f1 Inhibit a domain-less cookie from being used for checking validity. 2012-10-18 19:00:33 +09:00
Akinori MUSHA
75f7ee6505 Make valid_for_uri? and acceptable_from_uri? accept a URL string also. 2012-10-18 18:57:46 +09:00
Akinori MUSHA
e010e8f30e Add tests for valid_for_uri?. 2012-10-18 18:52:06 +09:00
Akinori MUSHA
1a471513de Disallow changing the origin of a cookie once it is set. 2012-10-17 22:35:30 +09:00
Akinori MUSHA
532101a102 Introduce a new cookie object attribute "origin".
Change the signature of HTTP::Cookie.parse() so that it only
optionally takes an origin URI.  When one is given, the method checks
if each piece of cookie in the header value is valid and acceptable
from the origin to ignore unacceptable cookies.
2012-10-17 22:35:30 +09:00
Akinori MUSHA
905cd2bc26 HTTP::Cookie.parse now returns a compacted array. 2012-10-17 22:34:29 +09:00
Akinori MUSHA
0cf86222f6 Booleanize the value if the key name is suffixed with a "?".
Neglect the "!" suffix that is not suitable for an attribute name
while at it.
2012-10-17 20:26:40 +09:00
Akinori MUSHA
2b96f2317d Class name paranoia. 2012-10-14 22:10:44 +09:00
Akinori MUSHA
060fc63c2a Import cookie related stuff from Mechanize. 2012-10-14 18:52:52 +09:00