deal with cookie's secure attribute

master
Kanezoh 2021-08-07 14:05:10 +09:00
parent 4f845757f9
commit 51480129d0
2 changed files with 16 additions and 0 deletions

View File

@ -4,8 +4,10 @@ WebMock.stub(:get, "example.com/cookies1").to_return(headers: {"Set-Cookie" => "
WebMock.stub(:get, "example.com/cookies1_domain").to_return(headers: {"Set-Cookie" => "id=123; Domain=example.com"})
WebMock.stub(:get, "example.com/cookies2").to_return(headers: {"Set-Cookie" => "name=kanezoh"})
WebMock.stub(:get, "example.com/cookies3").to_return(headers: {"Set-Cookie" => "id=456"})
WebMock.stub(:get, "example.com/secure_cookies").to_return(headers: {"Set-Cookie" => "id=123; Secure"})
WebMock.stub(:get, "example.com/paths").to_return(headers: {"Set-Cookie" => "id=123; Path=/paths"})
WebMock.stub(:get, "example.com/paths/hoge").to_return()
WebMock.stub(:get, "https://example.com/").to_return()
WebMock.stub(:get, "example.com/hoge/paths").to_return()
WebMock.stub(:get, "www.example.com").to_return()
WebMock.stub(:get, "example.com/meta_cookie").to_return(body:
@ -90,4 +92,14 @@ describe "Mechanize Cookie test" do
agent.get("http://example.com/hoge/paths")
agent.request_headers.has_key?("Cookie").should eq false
end
it "doesn't send cookie to http protocol if secure attribute is set" do
agent = Mechanize.new
agent.get("http://example.com/secure_cookies")
agent.get("http://example.com/")
agent.request_headers.has_key?("Cookie").should eq false
agent.get("https://example.com/")
agent.request_headers.has_key?("Cookie").should eq true
agent.request_headers["Cookie"].should eq "id=123"
end
end

View File

@ -164,6 +164,10 @@ class HTTP::Cookie
return false if bool.nil?
end
if secure
return false if uri.scheme == "http"
end
if domain
host.try &.=~(/.*#{domain.try &.gsub(".", "\.")}$/)
else