module Roda::RodaPlugins::CookieFlags::InstanceMethods
def _handle_cookie_flags(cookies)
def _handle_cookie_flags(cookies) cookies = [cookies] if cookies.is_a?(String) _handle_cookie_flags_array(cookies) end
def _handle_cookie_flags(cookie_string)
def _handle_cookie_flags(cookie_string) _handle_cookie_flags_array(cookie_string.split("\n")).join("\n") end
def _handle_cookie_flags_array(cookies)
def _handle_cookie_flags_array(cookies) opts = self.class.opts[:cookie_flags] needs_secure = opts[:secure] needs_httponly = opts[:httponly] if needs_same_site = opts[:same_site] same_site_string = opts[:same_site_string] same_site_regexp = /;\s*samesite\s*=\s*(\S+)\s*(?:\z|;)/i end action = opts[:action] cookies.map do |cookie| if needs_secure add_secure = !/;\s*secure\s*(?:\z|;)/i.send(MATCH_METH, cookie) end if needs_httponly add_httponly = !/;\s*httponly\s*(?:\z|;)/i.send(MATCH_METH, cookie) end if needs_same_site has_same_site = same_site_regexp.match(cookie) unless add_same_site = !has_same_site update_same_site = needs_same_site != has_same_site[1].downcase end end next cookie unless add_secure || add_httponly || add_same_site || update_same_site case action when :raise, :warn, :warn_and_modify message = "Response contains cookie with unexpected flags: #{cookie.inspect}." \ "Expecting the following cookie flags: "\ "#{'secure ' if add_secure}#{'httponly ' if add_httponly}#{same_site_string[2..-1] if add_same_site || update_same_site}" if action == :raise raise Error, message else warn(message) next cookie if action == :warn end end if update_same_site cookie = cookie.gsub(same_site_regexp, same_site_string) else cookie = cookie.dup cookie << same_site_string if add_same_site end cookie << '; secure' if add_secure cookie << '; httponly' if add_httponly cookie end end
def _roda_after_85__cookie_flags(res)
def _roda_after_85__cookie_flags(res) return unless res && (headers = res[1]) && (value = headers[RodaResponseHeaders::SET_COOKIE]) headers[RodaResponseHeaders::SET_COOKIE] = _handle_cookie_flags(value) end