module SafeCookies::Helpers

Constants

KNOWN_COOKIES_DIVIDER

Public Instance Methods

cache_application_cookies_string()

Since we have to operate on and modify the actual @headers hash that the application returns, cache its Set-Cookie string so that later on we still know which cookies the application itself set.

# File lib/safe_cookies/helpers.rb, line 9
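# Remembers the Set-Cookie value exactly as the application returned it, so
# that it is still known after @headers has been modified.
#
# Stores the value in @application_cookies_string: a newline-joined String
# when the application set cookies, otherwise nil. Returns the stored value.
def cache_application_cookies_string
  cookies = @headers['Set-Cookie']
  # Rack 1.1 returns an Array
  cookies = cookies.join("\n") if cookies.is_a?(Array)

  # Assign on every call: a response without cookies then clears whatever an
  # earlier call on the same object stored, instead of silently keeping it
  # (a stale value would describe another response's cookies).
  @application_cookies_string = (cookies && cookies.length > 0) ? cookies : nil
end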
cookies_have_been_rewritten_before?()

boolean

# File lib/safe_cookies/helpers.rb, line 77
# Tells whether the incoming request already carries a cookie named
# SECURED_COOKIE_NAME.
#
# NOTE(review): this cookie is sent by the client, so its presence is
# client-controlled. Presumably it only records that this browser's cookies
# were rewritten earlier; confirm nothing else trusts it.
#
# @return [Boolean]
def cookies_have_been_rewritten_before?
  sent_cookies = @request.cookies
  sent_cookies.key?(SECURED_COOKIE_NAME)
end
http_only(cookie)
# File lib/safe_cookies/helpers.rb, line 29
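# Returns the given Set-Cookie line with "; HttpOnly" appended when the
# cookie should be HttpOnly and does not already carry the attribute;
# otherwise returns the line unchanged.
#
# @param cookie [String] a single cookie line ("name=value; attr; ...")
# @return [String]
def http_only(cookie)
  return cookie unless should_be_http_only?(cookie)

  # Cookie attribute names are case-insensitive (RFC 6265) and the space after
  # ";" is optional, so "httponly" or ";HttpOnly" written by the application
  # counts as already present and is not appended a second time. The match is
  # on a whole attribute token only: a false "already present" verdict would
  # leave the cookie readable by scripts.
  return cookie if cookie =~ /(^|;\s*)HttpOnly($|;)/i

  "#{cookie}; HttpOnly"
end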
request_cookies()

returns the request cookies minus ignored cookies

# File lib/safe_cookies/helpers.rb, line 55
# Returns the request cookies minus the cookies the configuration lists as
# ignored.
#
# Util.except! is handed a duplicate of @request.cookies rather than the
# request's own hash.
def request_cookies
  cookies_copy = @request.cookies.dup
  ignored_names = @config.ignored_cookies
  Util.except!(cookies_copy, *ignored_names)
end
rewritable_request_cookies()
# File lib/safe_cookies/helpers.rb, line 64
# Passes request_cookies through Util.slice together with the names of the
# registered cookies (the keys of @config.registered_cookies).
# Presumably the result holds only the registered cookies; verify against
# Util.slice.
def rewritable_request_cookies
  candidates = request_cookies
  registered_names = @config.registered_cookies.keys
  Util.slice(candidates, *registered_names)
end
secure(cookie)
# File lib/safe_cookies/helpers.rb, line 20
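# Returns the given Set-Cookie line with "; secure" appended when the cookie
# should be secure and does not already carry the attribute; otherwise
# returns the line unchanged.
#
# @param cookie [String] a single cookie line ("name=value; attr; ...")
# @return [String]
def secure(cookie)
  return cookie unless should_be_secure?(cookie)

  # Regexp adapted from https://github.com/tobmatth/rack-ssl-enforcer/
  # Cookie attribute names are case-insensitive (RFC 6265) and the space after
  # ";" is optional, so "Secure" or ";secure" written by the application counts
  # as already present and is not appended a second time. The match is on a
  # whole attribute token only: a false "already present" verdict would let
  # the cookie travel over plain HTTP.
  return cookie if cookie =~ /(^|;\s*)secure($|;)/i

  "#{cookie}; secure"
end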
should_be_http_only?(cookie)
# File lib/safe_cookies/helpers.rb, line 95
# Decides whether a cookie line should receive the HttpOnly attribute.
#
# The cookie name is the text before the first "=", stripped of surrounding
# whitespace. The answer is true unless the configuration reports that name
# as a scriptable cookie.
#
# @param cookie [String] a single cookie line ("name=value; attr; ...")
# @return [Boolean]
def should_be_http_only?(cookie)
  raw_name, = cookie.split('=')
  !@config.scriptable_cookie?(raw_name.strip)
end
should_be_secure?(cookie)
# File lib/safe_cookies/helpers.rb, line 81
# Decides whether a cookie line should receive the secure attribute.
#
# The cookie name is the text before the first "=", stripped of surrounding
# whitespace. The result is truthy only when the request is an SSL request
# (see ssl?) and the configuration does not report that name as an insecure
# cookie. On a non-SSL request no cookie is marked secure.
#
# @param cookie [String] a single cookie line ("name=value; attr; ...")
def should_be_secure?(cookie)
  raw_name, = cookie.split('=')
  name = raw_name.strip
  ssl? && !@config.insecure_cookie?(name)
end
ssl?()
# File lib/safe_cookies/helpers.rb, line 86
# Tells whether the current request is an SSL request.
#
# Uses @request.ssl? when the request object offers it; older Rack versions
# do not, so the request scheme is compared with 'https' instead.
#
# NOTE(review): the verdict is whatever the request object reports. Behind a
# TLS-terminating proxy that presumably depends on the forwarded-scheme
# information reaching the application; if it does not, cookies are not
# marked secure. Confirm for the deployment.
def ssl?
  return @request.ssl? if @request.respond_to?(:ssl?)

  # older Rack versions
  @request.scheme == 'https'
end