Use httponly for all cookies

iron · Feb 20, 2017 · 51711cf · 51711cf
1 parent 66a1344
commit 51711cf
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 4 deletions.
diff --git a/src/backends/redis.rs b/src/backends/redis.rs
@@ -10,6 +10,7 @@ use rand::Rng;
 
 use RawSession;
 use SessionBackend;
+use get_default_cookie;
 
 use errors::*;
 use iron::prelude::*;
@@ -44,7 +45,7 @@ impl RawSession for RedisSession {
     }
 
     fn write(&self, res: &mut Response) -> IronResult<()> {
-        let cookie = cookie::Cookie::new(
+        let cookie = get_default_cookie(
             COOKIE_NAME.to_owned(),
             self.session_id.clone()
         );

diff --git a/src/backends/signedcookie.rs b/src/backends/signedcookie.rs
@@ -6,6 +6,7 @@ use iron::prelude::*;
 
 use RawSession;
 use SessionBackend;
+use get_default_cookie;
 
 pub struct SignedCookieSession {
     unsigned_jar: cookie::CookieJar<'static>,
@@ -24,9 +25,7 @@ impl RawSession for SignedCookieSession {
     }
 
     fn set_raw(&mut self, key: &str, value: String) -> IronResult<()> {
-        let mut c = cookie::Cookie::new(key.to_owned(), value.to_owned());
-        c.httponly = true;
-        c.path = Some("/".to_owned());
+        let mut c = get_default_cookie(key.to_owned(), value);
         if let Some(ref modifier) = self.cookie_modifier {
             c = modifier(c);
         }

diff --git a/src/lib.rs b/src/lib.rs
@@ -131,6 +131,13 @@ impl<'a, 'b> SessionRequestExt for Request<'a, 'b> {
     }
 }
 
+fn get_default_cookie(key: String, value: String) -> cookie::Cookie {
+    let mut rv = cookie::Cookie::new(key, value);
+    rv.httponly = true;
+    rv.path = Some("/".to_owned());
+    rv
+}
+
 /// A module with some important traits to star-import.
 pub mod traits {
     pub use super::{SessionRequestExt};