From 51480129d03e23cb6391fc3482106bff7e50e894 Mon Sep 17 00:00:00 2001
From: Kanezoh <asfaltmanta114@gmail.com>
Date: Sat, 7 Aug 2021 14:05:10 +0900
Subject: [PATCH] deal with cookie's secure attribute

---
 spec/cookie_spec.cr         | 12 ++++++++++++
 src/mechanize/http/agent.cr |  4 ++++
 2 files changed, 16 insertions(+)

diff --git a/spec/cookie_spec.cr b/spec/cookie_spec.cr
index 05973c0..9fcf7fc 100644
--- a/spec/cookie_spec.cr
+++ b/spec/cookie_spec.cr
@@ -4,8 +4,10 @@ WebMock.stub(:get, "example.com/cookies1").to_return(headers: {"Set-Cookie" => "
 WebMock.stub(:get, "example.com/cookies1_domain").to_return(headers: {"Set-Cookie" => "id=123; Domain=example.com"})
 WebMock.stub(:get, "example.com/cookies2").to_return(headers: {"Set-Cookie" => "name=kanezoh"})
 WebMock.stub(:get, "example.com/cookies3").to_return(headers: {"Set-Cookie" => "id=456"})
+WebMock.stub(:get, "example.com/secure_cookies").to_return(headers: {"Set-Cookie" => "id=123; Secure"})
 WebMock.stub(:get, "example.com/paths").to_return(headers: {"Set-Cookie" => "id=123; Path=/paths"})
 WebMock.stub(:get, "example.com/paths/hoge").to_return()
+WebMock.stub(:get, "https://example.com/").to_return()
 WebMock.stub(:get, "example.com/hoge/paths").to_return()
 WebMock.stub(:get, "www.example.com").to_return()
 WebMock.stub(:get, "example.com/meta_cookie").to_return(body:
@@ -90,4 +92,14 @@ describe "Mechanize Cookie test" do
     agent.get("http://example.com/hoge/paths")
     agent.request_headers.has_key?("Cookie").should eq false
   end
+
+  it "doesn't send cookie to http protocol if secure attribute is set" do
+    agent = Mechanize.new
+    agent.get("http://example.com/secure_cookies")
+    agent.get("http://example.com/")
+    agent.request_headers.has_key?("Cookie").should eq false
+    agent.get("https://example.com/")
+    agent.request_headers.has_key?("Cookie").should eq true
+    agent.request_headers["Cookie"].should eq "id=123"
+  end
 end
diff --git a/src/mechanize/http/agent.cr b/src/mechanize/http/agent.cr
index b2f421e..e02b551 100644
--- a/src/mechanize/http/agent.cr
+++ b/src/mechanize/http/agent.cr
@@ -164,6 +164,10 @@ class HTTP::Cookie
       return false if bool.nil?
     end
 
+    if secure
+      return false if uri.scheme == "http"
+    end
+
     if domain
       host.try &.=~(/.*#{domain.try &.gsub(".", "\.")}$/)
     else