From 51480129d03e23cb6391fc3482106bff7e50e894 Mon Sep 17 00:00:00 2001
From: Kanezoh
Date: Sat, 7 Aug 2021 14:05:10 +0900
Subject: [PATCH] deal with cookie's secure attribute
---
 spec/cookie_spec.cr | 12 ++++++++++++
 src/mechanize/http/agent.cr | 4 ++++
 2 files changed, 16 insertions(+)
diff --git a/spec/cookie_spec.cr b/spec/cookie_spec.cr
index 05973c0..9fcf7fc 100644
--- a/spec/cookie_spec.cr
+++ b/spec/cookie_spec.cr
@@ -4,8 +4,10 @@ WebMock.stub(:get, "example.com/cookies1").to_return(headers: {"Set-Cookie" => "
 WebMock.stub(:get, "example.com/cookies1_domain").to_return(headers: {"Set-Cookie" => "id=123; Domain=example.com"})
 WebMock.stub(:get, "example.com/cookies2").to_return(headers: {"Set-Cookie" => "name=kanezoh"})
 WebMock.stub(:get, "example.com/cookies3").to_return(headers: {"Set-Cookie" => "id=456"})
+WebMock.stub(:get, "example.com/secure_cookies").to_return(headers: {"Set-Cookie" => "id=123; Secure"})
 WebMock.stub(:get, "example.com/paths").to_return(headers: {"Set-Cookie" => "id=123; Path=/paths"})
 WebMock.stub(:get, "example.com/paths/hoge").to_return()
+WebMock.stub(:get, "https://example.com/").to_return()
 WebMock.stub(:get, "example.com/hoge/paths").to_return()
 WebMock.stub(:get, "www.example.com").to_return()
 WebMock.stub(:get, "example.com/meta_cookie").to_return(body:
@@ -90,4 +92,14 @@ describe "Mechanize Cookie test" do
 agent.get("http://example.com/hoge/paths")
 agent.request_headers.has_key?("Cookie").should eq false
 end
+
+ it "doesn't send cookie to http protocol if secure attribute is set" do
+ agent = Mechanize.new
+ agent.get("http://example.com/secure_cookies")
+ agent.get("http://example.com/")
+ agent.request_headers.has_key?("Cookie").should eq false
+ agent.get("https://example.com/")
+ agent.request_headers.has_key?("Cookie").should eq true
+ agent.request_headers["Cookie"].should eq "id=123"
+ end
 end
diff --git a/src/mechanize/http/agent.cr b/src/mechanize/http/agent.cr
index b2f421e..e02b551 100644
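Review bot: The new example in the second hunk of spec/cookie_spec.cr fetches the `Secure` cookie from `http://example.com/secure_cookies`, so it also pins down that a `Secure` cookie delivered over cleartext HTTP is stored and later sent to `https://example.com/`. The current cookie specification draft (RFC 6265bis) has user agents ignore a `Secure` cookie that arrives over a non-secure connection, so this may not be behaviour worth locking in. If accepting it is deliberate, say so in a comment above the first `agent.get`, for example `# Secure cookie set over http is still stored; only sending is restricted`. Otherwise obtain the cookie with `agent.get("https://example.com/secure_cookies")` and cover the HTTP-set case in its own example.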
--- a/src/mechanize/http/agent.cr +++ b/src/mechanize/http/agent.cr @@ -164,6 +164,10 @@ class HTTP::Cookie return false if bool.nil? end + if secure + return false if uri.scheme == "http" + end + if domain host.try &.=~(/.*#{domain.try &.gsub(".", "\.")}$/) else
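Review bot: The added guard `return false if uri.scheme == "http"` is a deny-list of one literal scheme, so a cookie marked `Secure` still passes for every other case. That includes a URI with no scheme, any other non-TLS scheme, and (if the scheme is not normalised before this point, which the hunk does not show) a differently cased `HTTP`. A `Secure` cookie should only be attached when the transport is known to be protected, so the check is safer failing closed: `return false if secure && uri.scheme != "https"`. The enclosing method of `HTTP::Cookie` begins and ends outside the hunk, so it is not visible whether a later branch re-checks the scheme.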