
Fix secure cookies when there are more than one space before the secure

keyword
rafaelfranca committed Mar 19, 2012
1 parent 139bf55 commit 6e04a78462cc41160c094f79cb3433051c38369f
Showing with 29 additions and 1 deletion.
  1. +1 −1 actionpack/lib/action_dispatch/middleware/ssl.rb
  2. +28 −0 actionpack/test/dispatch/ssl_test.rb
@@ -58,7 +58,7 @@ def flag_cookies_as_secure!(headers)
cookies = cookies.split("\n")
headers['Set-Cookie'] = cookies.map { |cookie|
- if cookie !~ /; secure(;|$)/
+ if cookie !~ /;\s+secure(;|$)/
"#{cookie}; secure"
else
cookie
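Review bot: The new pattern `/;\s+secure(;|$)/` still requires at least one whitespace character and a lowercase keyword, so a cookie that already carries `;secure` or `; Secure` is not recognised and gets a second `; secure` appended. Cookie attribute names are matched case-insensitively by user agents and the space after `;` is optional, so both spellings can reach this middleware from an application or an upstream component. The miss fails safe, since the cookie still ends up flagged, but it leaves a duplicated attribute in the header; `if cookie !~ /;\s*secure\s*(;|$)/i` would cover these spellings as well. The body of flag_cookies_as_secure! starts and ends outside this hunk, so how the mapped cookies are re-joined is not visible here.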
@@ -84,6 +84,34 @@ def test_flag_cookies_as_secure_at_end_of_line
response.headers['Set-Cookie'].split("\n")
end
+ def test_flag_cookies_as_secure_with_more_spaces_before
+ self.app = ActionDispatch::SSL.new(lambda { |env|
+ headers = {
+ 'Content-Type' => "text/html",
+ 'Set-Cookie' => "problem=def; path=/; HttpOnly; secure"
+ }
+ [200, headers, ["OK"]]
+ })
+
+ get "https://example.org/"
+ assert_equal ["problem=def; path=/; HttpOnly; secure"],
+ response.headers['Set-Cookie'].split("\n")
+ end
+
+ def test_flag_cookies_as_secure_with_more_spaces_after
+ self.app = ActionDispatch::SSL.new(lambda { |env|
+ headers = {
+ 'Content-Type' => "text/html",
+ 'Set-Cookie' => "problem=def; path=/; secure; HttpOnly"
+ }
+ [200, headers, ["OK"]]
+ })
+
+ get "https://example.org/"
+ assert_equal ["problem=def; path=/; secure; HttpOnly"],
+ response.headers['Set-Cookie'].split("\n")
+ end
+
def test_no_cookies
self.app = ActionDispatch::SSL.new(lambda { |env|
[200, {'Content-Type' => "text/html"}, ["OK"]]
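Review bot: As rendered on this page, both new Set-Cookie literals contain only single spaces, so neither test would fail against the old pattern; presumably the page collapsed the runs of spaces, which is worth confirming against the raw file. A short comment above each literal, for example `# several spaces before "secure" on purpose`, would keep the intent visible if an editor or formatter later normalises the whitespace. test_flag_cookies_as_secure_with_more_spaces_after appears to put the extra whitespace after `secure;`, which the previous regex already matched, so it works as a regression guard and does not exercise the change. A case for an already-flagged cookie written as `;secure` or `; Secure` is missing and would pin the behaviour for those spellings.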
