Permalink
Browse files

Fix array set-cookie headers in rack 1.1

  • Loading branch information...
1 parent c4da6df commit aeffb9246ed98b2526958c11daf9de26365084b5 @josh josh committed Mar 24, 2011
Showing with 28 additions and 7 deletions.
  1. +7 −1 lib/rack/ssl.rb
  2. +21 −6 test/test_ssl.rb
View
@@ -69,7 +69,13 @@ def hsts_headers
def flag_cookies_as_secure!(headers)
if cookies = headers['Set-Cookie']
- headers['Set-Cookie'] = cookies.split("\n").map { |cookie|
+ # Rack 1.1's set_cookie_header! will sometimes wrap
+ # Set-Cookie in an array
+ unless cookies.respond_to?(:to_ary)
+ cookies = cookies.split("\n")
+ end
+
+ headers['Set-Cookie'] = cookies.map { |cookie|
if cookie !~ /; secure(;|$)/
"#{cookie}; secure"
else
View
@@ -82,15 +82,30 @@ def test_flag_cookies_as_secure
end
def test_flag_cookies_as_secure_at_end_of_line
- default_app = lambda { |env|
- headers = {'Content-Type' => "text/html",
- 'Set-Cookie' => "problem=def; path=/; HttpOnly; secure" }
+ self.app = Rack::SSL.new(lambda { |env|
+ headers = {
+ 'Content-Type' => "text/html",
+ 'Set-Cookie' => "problem=def; path=/; HttpOnly; secure"
+ }
[200, headers, ["OK"]]
- }
- self.app = Rack::SSL.new(default_app)
+ })
+
+ get "https://example.org/"
+ assert_equal ["problem=def; path=/; HttpOnly; secure"],
+ last_response.headers['Set-Cookie'].split("\n")
+ end
+
+ def test_legacy_array_headers
+ self.app = Rack::SSL.new(lambda { |env|
+ headers = {
+ 'Content-Type' => "text/html",
+ 'Set-Cookie' => ["id=1; path=/", "token=abc; path=/; HttpOnly"]
+ }
+ [200, headers, ["OK"]]
+ })
get "https://example.org/"
- assert_equal ["problem=def; path=/; HttpOnly; secure" ],
+ assert_equal ["id=1; path=/; secure", "token=abc; path=/; HttpOnly; secure"],
last_response.headers['Set-Cookie'].split("\n")
end

0 comments on commit aeffb92

Please sign in to comment.