Permalink
Browse files

Cookies set during a HTTPS request are marked as secure by default.

  • Loading branch information...
1 parent 38a56f4 commit af11702eccbbc93a6f3f2b33a3942a8f6d02c72a @cskr committed Jan 24, 2011
Showing with 10 additions and 2 deletions.
  1. +4 −1 grasshopper/lib/context.js
  2. +1 −1 grasshopper/lib/routes.js
  3. +5 −0 test/simple/context-test.js
@@ -51,9 +51,10 @@ exports.configure = function(config) {
};
// Class: RequestContext
-function RequestContext(request, response) {
+function RequestContext(request, response, secure) {
this.request = request;
this.response = response;
+ this.secure = secure;
this.model = {};
this.status = 200;
@@ -133,6 +134,8 @@ RequestContext.prototype.getAuth = function() {
};
RequestContext.prototype.addCookie = function(cookie) {
+ if(this.secure) cookie.secure = true;
+
var cookieLine = cookie.name + '=' + encodeURIComponent(cookie.value);
cookieLine += cookie.path ? '; path=' + cookie.path : '';
cookieLine += cookie.expires ? '; expires=' + cookie.expires : '';
@@ -109,7 +109,7 @@ function startServer(routes, port, credentials, hostname, callback) {
}
server.on("request", function(req, res) {
- var ctx = new context.RequestContext(req, res);
+ var ctx = new context.RequestContext(req, res, !!credentials);
try {
dispatcher.dispatch(ctx, routeMatcher);
} catch(e) {
@@ -174,6 +174,11 @@ suite.tests = {
assert.equal(ctx.headers['set-cookie'],
'language=JS; path=/; HttpOnly'
+ '\r\nset-cookie: vm=v8; path=/; HttpOnly');
+
+ var ctx = new RequestContext(req, res, true);
+ ctx.addCookie(new Cookie('language', 'JS'));
+ assert.equal(ctx.headers['set-cookie'],
+ 'language=JS; path=/; secure; HttpOnly');
next();
}
};

0 comments on commit af11702

Please sign in to comment.