Fix array set-cookie headers in rack 1.1

rkh · Mar 24, 2011 · aeffb92 · aeffb92
1 parent c4da6df
commit aeffb92
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 7 deletions.
diff --git a/lib/rack/ssl.rb b/lib/rack/ssl.rb
@@ -69,7 +69,13 @@ def hsts_headers
 
       def flag_cookies_as_secure!(headers)
         if cookies = headers['Set-Cookie']
-          headers['Set-Cookie'] = cookies.split("\n").map { |cookie|
+          # Rack 1.1's set_cookie_header! will sometimes wrap
+          # Set-Cookie in an array
+          unless cookies.respond_to?(:to_ary)
+            cookies = cookies.split("\n")
+          end
+
+          headers['Set-Cookie'] = cookies.map { |cookie|
             if cookie !~ /; secure(;|$)/
               "#{cookie}; secure"
             else

diff --git a/test/test_ssl.rb b/test/test_ssl.rb
@@ -82,15 +82,30 @@ def test_flag_cookies_as_secure
   end
 
   def test_flag_cookies_as_secure_at_end_of_line
-    default_app = lambda { |env|
+    self.app = Rack::SSL.new(lambda { |env|
-      headers = {'Content-Type' => "text/html",
+      headers = {
-        'Set-Cookie' => "problem=def; path=/; HttpOnly; secure" }
+        'Content-Type' => "text/html",
+        'Set-Cookie' => "problem=def; path=/; HttpOnly; secure"
+      }
       [200, headers, ["OK"]]
-    }
+    })
-    self.app = Rack::SSL.new(default_app)
+
+    get "https://example.org/"
+    assert_equal ["problem=def; path=/; HttpOnly; secure"],
+      last_response.headers['Set-Cookie'].split("\n")
+  end
+
+  def test_legacy_array_headers
+    self.app = Rack::SSL.new(lambda { |env|
+      headers = {
+        'Content-Type' => "text/html",
+        'Set-Cookie' => ["id=1; path=/", "token=abc; path=/; HttpOnly"]
+      }
+      [200, headers, ["OK"]]
+    })
 
     get "https://example.org/"
-    assert_equal ["problem=def; path=/; HttpOnly; secure" ],
+    assert_equal ["id=1; path=/; secure", "token=abc; path=/; HttpOnly; secure"],
       last_response.headers['Set-Cookie'].split("\n")
   end