Skip to content
Browse files

Space is not required for Set-Cookie header

  • Loading branch information...
1 parent 37aaaa7 commit ce89251bb2ff36d32e31944efed5f633eb3f7560 @ykzts ykzts committed
View
4 actionpack/CHANGELOG.md
@@ -1,3 +1,7 @@
+* Ignore spaces around delimiter in Set-Cookie header.
+
+ *Yamagishi Kazutoshi*
+
* Remove deprecated Rails application fallback for integration testing, set
`ActionDispatch.test_app` instead.
View
2 actionpack/lib/action_dispatch/middleware/ssl.rb
@@ -57,7 +57,7 @@ def flag_cookies_as_secure!(headers)
cookies = cookies.split("\n")
headers['Set-Cookie'] = cookies.map { |cookie|
- if cookie !~ /;\s+secure(;|$)/i
+ if cookie !~ /;\s*secure\s*(;|$)/i
"#{cookie}; secure"
else
cookie
View
29 actionpack/test/dispatch/ssl_test.rb
@@ -124,6 +124,35 @@ def test_flag_cookies_as_secure_with_more_spaces_after
response.headers['Set-Cookie'].split("\n")
end
+
+ def test_flag_cookies_as_secure_with_has_not_spaces_before
+ self.app = ActionDispatch::SSL.new(lambda { |env|
+ headers = {
+ 'Content-Type' => "text/html",
+ 'Set-Cookie' => "problem=def; path=/;secure; HttpOnly"
+ }
+ [200, headers, ["OK"]]
+ })
+
+ get "https://example.org/"
+ assert_equal ["problem=def; path=/;secure; HttpOnly"],
+ response.headers['Set-Cookie'].split("\n")
+ end
+
+ def test_flag_cookies_as_secure_with_has_not_spaces_after
+ self.app = ActionDispatch::SSL.new(lambda { |env|
+ headers = {
+ 'Content-Type' => "text/html",
+ 'Set-Cookie' => "problem=def; path=/; secure;HttpOnly"
+ }
+ [200, headers, ["OK"]]
+ })
+
+ get "https://example.org/"
+ assert_equal ["problem=def; path=/; secure;HttpOnly"],
+ response.headers['Set-Cookie'].split("\n")
+ end
+
def test_flag_cookies_as_secure_with_ignore_case
self.app = ActionDispatch::SSL.new(lambda { |env|
headers = {

0 comments on commit ce89251

Please sign in to comment.
Something went wrong with that request. Please try again.