Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fix secure cookies when there are more than one space before the secure

keyword
  • Loading branch information...
commit 6e04a78462cc41160c094f79cb3433051c38369f 1 parent 139bf55
@rafaelfranca rafaelfranca authored
View
2  actionpack/lib/action_dispatch/middleware/ssl.rb
@@ -58,7 +58,7 @@ def flag_cookies_as_secure!(headers)
cookies = cookies.split("\n")
headers['Set-Cookie'] = cookies.map { |cookie|
- if cookie !~ /; secure(;|$)/
+ if cookie !~ /;\s+secure(;|$)/
"#{cookie}; secure"
else
cookie
View
28 actionpack/test/dispatch/ssl_test.rb
@@ -84,6 +84,34 @@ def test_flag_cookies_as_secure_at_end_of_line
response.headers['Set-Cookie'].split("\n")
end
+ def test_flag_cookies_as_secure_with_more_spaces_before
+ self.app = ActionDispatch::SSL.new(lambda { |env|
+ headers = {
+ 'Content-Type' => "text/html",
+ 'Set-Cookie' => "problem=def; path=/; HttpOnly; secure"
+ }
+ [200, headers, ["OK"]]
+ })
+
+ get "https://example.org/"
+ assert_equal ["problem=def; path=/; HttpOnly; secure"],
+ response.headers['Set-Cookie'].split("\n")
+ end
+
+ def test_flag_cookies_as_secure_with_more_spaces_after
+ self.app = ActionDispatch::SSL.new(lambda { |env|
+ headers = {
+ 'Content-Type' => "text/html",
+ 'Set-Cookie' => "problem=def; path=/; secure; HttpOnly"
+ }
+ [200, headers, ["OK"]]
+ })
+
+ get "https://example.org/"
+ assert_equal ["problem=def; path=/; secure; HttpOnly"],
+ response.headers['Set-Cookie'].split("\n")
+ end
+
def test_no_cookies
self.app = ActionDispatch::SSL.new(lambda { |env|
[200, {'Content-Type' => "text/html"}, ["OK"]]
Please sign in to comment.
Something went wrong with that request. Please try again.