
Make sure a "secure" directive at the end of a cookie is noticed.

1 parent 23214f4 commit 81fccaaf3c175bd49d32c06aaaa8b7a395f44a1a @eric eric committed Mar 23, 2011
Showing with 3 additions and 3 deletions.
  1. +1 −1 lib/rack/ssl.rb
  2. +2 −2 test/test_ssl.rb
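--- a/lib/rack/ssl.rb
+++ b/lib/rack/ssl.rb
@@ -70,7 +70,7 @@ def hsts_headers
 def flag_cookies_as_secure!(headers)
 if cookies = headers['Set-Cookie']
 headers['Set-Cookie'] = cookies.split("\n").map { |cookie|
- if cookie !~ / secure;/
+ if cookie !~ / secure(;|$)/
 "#{cookie}; secure"
 else
 cookie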
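Review bot: The new check `cookie !~ / secure(;|$)/` is still case-sensitive and is not tied to an attribute boundary, so it can both miss a real flag and see one that is not there. A cookie whose value or another attribute contains ` secure;` or ends in ` secure` (a constructed example: `note=not secure; path=/`) is treated as already flagged and is sent without the Secure attribute, while a cookie carrying the usual capitalised `Secure` gets a redundant second `; secure` appended. Matching the attribute itself would cover both cases, e.g. `if cookie !~ /;\s*secure\s*(;|\z)/i`, and the fixture in test/test_ssl.rb could add a `Secure`-cased cookie and a value containing the word to pin the behaviour. The body of flag_cookies_as_secure! continues past the end of this hunk.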
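--- a/test/test_ssl.rb
+++ b/test/test_ssl.rb
@@ -9,7 +9,7 @@ class TestSSL < Test::Unit::TestCase
 def default_app
 lambda { |env|
 headers = {'Content-Type' => "text/html"}
- headers['Set-Cookie'] = "id=1; path=/\ntoken=abc; path=/; secure; HttpOnly"
+ headers['Set-Cookie'] = "id=1; path=/\ntoken=abc; path=/; secure; HttpOnly\ntoken=3; path=/; secure"
 [200, headers, ["OK"]]
 }
 end
@@ -77,7 +77,7 @@ def test_hsts_include_subdomains
 def test_flag_cookies_as_secure
 get "https://example.org/"
- assert_equal ["id=1; path=/; secure", "token=abc; path=/; secure; HttpOnly"],
+ assert_equal ["id=1; path=/; secure", "token=abc; path=/; secure; HttpOnly", "token=3; path=/; secure" ],
 last_response.headers['Set-Cookie'].split("\n")
 end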
