
[enhancement]: Write a flag value to session to just-in-case force session cookie to be created unless it wouldn't (for paranoia).
1 parent 32c9f2f commit 382514fe95a608ae90095846a3db6cb053712a95 @grimen committed Nov 2, 2011
Showing with 37 additions and 8 deletions.
  1. +5 −5 TODO
  2. +12 −2 lib/rack/iframe.rb
  3. +9 −0 spec/rack-iframe_spec.rb
  4. +11 −1 spec/spec_helper.rb
10 TODO
@@ -5,20 +5,20 @@ x [feature/issue]: Fix/Review "Last-Modified" HTTP cache header case - to comply
- [feature]: Track if P3P-headers should be sent via cookie. Reason: We can't assume that only bodies that contain <iframe>-elements needs the P3P header (or so I think right now).
-- [feature]: Add option to send 304 headers but delete "Set-Cookie"-header - not allowed by spec, but seems to work in most browsers/servers anyway.
-
== LOW-PRIO
-- [refactor/enhancement]: Use 'useragent' gem to parse 'USER_AGENT'-header - https://rubygems.org/gems/useragent
-
-- [refactor/test]: Use proper integration testing, i.e. mocks/env => Sinatra/headers.
+- [refactor/test]: Use pure integration testing, i.e. mocks/env => Sinatra/headers.
== MAYBE
- [feature]: Optionally silently/evily inject "the cross-domain iframe JavaScript hack" for Safari - or specified user agents - into the body response. >:)
+- [refactor/enhancement]: Use 'useragent' gem to parse 'USER_AGENT'-header - https://rubygems.org/gems/useragent
+
+- [feature]: Add option to send 304 headers but delete "Set-Cookie"-header - not allowed by spec, but seems to work in most browsers/servers anyway.
+
- [feature]: Support for policy reference file. http://www.w3.org/TR/P3P/#ref_file
- [feature]: Support for specifying compact policies by configuration. http://www.w3.org/TR/P3P/#compact_policies http://www.p3pwriter.com/LRN_111.asp
@@ -7,11 +7,13 @@ class Iframe
DEFAULT_P3P = %(CP="ALL DSP COR CURa ADMa DEVa OUR IND COM NAV").freeze
DEFAULT_IFRAME_SESSION_PATH = '/iframe_session'.freeze
+ DEFAULT_ENV_SESSION_KEY = 'rack.session'.freeze
def initialize(app, options = {})
@app, @options = app, options
@options[:p3p] ||= DEFAULT_P3P
@options[:iframe_session_path] ||= DEFAULT_IFRAME_SESSION_PATH
+ @options[:env_session_key] ||= DEFAULT_ENV_SESSION_KEY
end
def call(env)
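Review bot: the new `:env_session_key` option set in `initialize` is added without any documentation; the changed files are TODO, the library and the specs only. Suggest a short comment next to `DEFAULT_ENV_SESSION_KEY` saying that the option names the env key under which the session middleware exposes the session hash, and that a session middleware has to be present for the flag to be written.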
@@ -20,7 +22,8 @@ def call(env)
# 2) Request
if iframe_session_path?(env)
- @status, @headers, @body = iframe_session_response
+ @app.call(env) # ...still call app as we want same ENV.
+ @status, @headers, @body = iframe_session_response(env)
else
@status, @headers, @body = @app.call(env)
end
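Review bot: on the `iframe_session_path?` branch of `call`, the result of `@app.call(env)` is discarded, so any `Set-Cookie` header produced downstream is dropped and the returned body is never closed. The flag is also written only after that call has returned, so it can reach a cookie only when the session middleware sits in front of `Rack::Iframe`; a session middleware mounted behind it has already committed its session by then. Suggest either skipping the app call and documenting that the session middleware must be upstream, or writing the flag before the call and carrying the downstream response headers into the reply.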
@@ -77,7 +80,14 @@ def iframe_session_path?(env)
env['PATH_INFO'] == @options[:iframe_session_path]
end
- def iframe_session_response
+ def iframe_session_response(env)
+ begin
+ # Write a value into the session to ensure we get a session (cookie).
+ session_key = @options[:env_session_key]
+ env[session_key][:iframe_session] = true
+ rescue => e
+ env['rack.errors'].puts "[rack-iframe]: env[#{@options[:env_session_key]}] = #{env[@options[:env_session_key]]}"
+ end
[200, {}, [""]]
end
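Review bot: the `rescue => e` in `iframe_session_response` catches every StandardError, never uses `e`, and writes the full value of `env[@options[:env_session_key]]` to `rack.errors`, which puts session contents into the error log. Suggest guarding explicitly for a missing session (fetch `env[session_key]` once and return early when it is nil) and logging only the key name plus the exception class and message.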
@@ -203,6 +203,15 @@
status.must_equal 200 # modified
end
end
+
+ it 'should set session variable :iframe_session on request to /iframe_session' do
+ @user_agents.each do |user_agent|
+ browser = Rack::Test::Session.new(Rack::MockSession.new(SessionIframeApp))
+ browser.get '/iframe_session', {}, 'HTTP_USER_AGENT' => user_agent_string(user_agent)
+ browser.get '/test_iframe_session', {}, 'HTTP_USER_AGENT' => user_agent_string(user_agent)
+ browser.last_response.body.must_equal "true"
+ end
+ end
end
end
end
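Review bot: the new spec only asserts that `/test_iframe_session` echoes "true"; it never checks for a `Set-Cookie` header on the `/iframe_session` response, which is what the commit message says the flag is meant to force. Nothing covers the rescue path either, where no session is present under `rack.session`. Suggest adding an assertion on `browser.last_response.headers['Set-Cookie']` after the first request, and a second example against an app without sessions that expects a 200 and a line on `rack.errors`.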
@@ -19,9 +19,10 @@
ENV['RACK_ENV'] = 'test'
class CachedApp < Sinatra::Base
-
use Rack::Cache, :verbose => true, :meta_store => 'heap:/', :entitystore => 'heap:/'
+ enable :sessions
+
get '/' do
headers['Content-Type'] = 'text/plain'
""
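Review bot: `enable :sessions` is added to `CachedApp`, the fixture shared by the existing cache specs, so all of them now run with session middleware in the stack. Only `SessionIframeApp` needs a session; suggest moving `enable :sessions` into that subclass so the cache specs keep the stack they were written against.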
@@ -40,6 +41,15 @@ class CachedApp < Sinatra::Base
end
end
+class SessionIframeApp < CachedApp
+ use Rack::Iframe
+
+ get '/test_iframe_session' do
+ headers['Content-Type'] = 'text/plain'
+ "#{session[:iframe_session]}"
+ end
+end
+
def mock_app(headers = {}, env = {})
default_headers = headers.merge({
'Content-Type' => 'text/plain'
