diff options
| author | Robert Newson <rnewson@apache.org> | 2020-03-12 11:21:27 +0000 |
|---|---|---|
| committer | Robert Newson <rnewson@apache.org> | 2020-04-02 18:21:46 +0100 |
| commit | 2ccb4a2f5482901a2fd2313e2274aa09c5355470 (patch) | |
| tree | acaab7e81df18c34a6956bd8b70749e6072ffc71 | |
| parent | 03cb69e2ec4816b16c8d5480171d2ec50ba71378 (diff) | |
| download | couchdb-2ccb4a2f5482901a2fd2313e2274aa09c5355470.tar.gz | |
Merge pull request #2657 from apache/cookie-domain-delete
Set cookie domain when DELETE'ing
| -rw-r--r-- | src/couch/src/couch_httpd_auth.erl | 3 | ||||
| -rwxr-xr-x | src/couch/test/eunit/couchdb_cookie_domain_tests.erl | 13 |
2 files changed, 14 insertions, 2 deletions
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl index 5e4450301..43ecda958 100644 --- a/src/couch/src/couch_httpd_auth.erl +++ b/src/couch/src/couch_httpd_auth.erl @@ -365,7 +365,8 @@ handle_session_req(#httpd{method='GET', user_ctx=UserCtx}=Req, _AuthModule) -> end; % logout by deleting the session handle_session_req(#httpd{method='DELETE'}=Req, _AuthModule) -> - Cookie = mochiweb_cookies:cookie("AuthSession", "", [{path, "/"}] ++ cookie_scheme(Req)), + Cookie = mochiweb_cookies:cookie("AuthSession", "", [{path, "/"}] ++ + cookie_domain() ++ cookie_scheme(Req)), {Code, Headers} = case couch_httpd:qs_value(Req, "next", nil) of nil -> {200, [Cookie]}; diff --git a/src/couch/test/eunit/couchdb_cookie_domain_tests.erl b/src/couch/test/eunit/couchdb_cookie_domain_tests.erl index e66ab31e6..c46352f35 100755 --- a/src/couch/test/eunit/couchdb_cookie_domain_tests.erl +++ b/src/couch/test/eunit/couchdb_cookie_domain_tests.erl @@ -43,7 +43,8 @@ cookie_test_() -> fun({ok, Url, ContentType, Payload, _}) -> [ should_set_cookie_domain(Url, ContentType, Payload), - should_not_set_cookie_domain(Url, ContentType, Payload) + should_not_set_cookie_domain(Url, ContentType, Payload), + should_delete_cookie_domain(Url, ContentType, Payload) ] end } @@ -67,3 +68,13 @@ should_not_set_cookie_domain(Url, ContentType, Payload) -> Cookie = proplists:get_value("Set-Cookie", Headers), ?assertEqual(0, string:str(Cookie, "; Domain=")) end). + +should_delete_cookie_domain(Url, ContentType, Payload) -> + ?_test(begin + ok = config:set("couch_httpd_auth", "cookie_domain", + "example.com", false), + {ok, Code, Headers, _} = test_request:delete(Url, ContentType, Payload), + ?assertEqual(200, Code), + Cookie = proplists:get_value("Set-Cookie", Headers), + ?assert(string:str(Cookie, "; Domain=example.com") > 0) + end). |