diff options
| author | Robert Newson <rnewson@apache.org> | 2020-03-12 11:21:27 +0000 |
|---|---|---|
| committer | Robert Newson <rnewson@apache.org> | 2020-04-02 19:20:45 +0100 |
| commit | c3513f4f7040a6f21acb43d657af23690bbc6b6a (patch) | |
| tree | 81f50c561b23ebd895e48aa4198d67ac43b395ea | |
| parent | ba89381bf499bb4936c79c855a64cc753908e792 (diff) | |
| download | couchdb-c3513f4f7040a6f21acb43d657af23690bbc6b6a.tar.gz | |
Merge pull request #2657 from apache/cookie-domain-delete
Set cookie domain when DELETE'ing
| -rw-r--r-- | src/couch/src/couch_httpd_auth.erl | 3 | ||||
| -rwxr-xr-x | src/couch/test/eunit/couchdb_cookie_domain_tests.erl | 13 |
2 files changed, 14 insertions, 2 deletions
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl index b7abf2a01..2383be798 100644 --- a/src/couch/src/couch_httpd_auth.erl +++ b/src/couch/src/couch_httpd_auth.erl @@ -394,7 +394,8 @@ handle_session_req(#httpd{method='GET', user_ctx=UserCtx}=Req, _AuthModule) -> end; % logout by deleting the session handle_session_req(#httpd{method='DELETE'}=Req, _AuthModule) -> - Cookie = mochiweb_cookies:cookie("AuthSession", "", [{path, "/"}] ++ cookie_scheme(Req)), + Cookie = mochiweb_cookies:cookie("AuthSession", "", [{path, "/"}] ++ + cookie_domain() ++ cookie_scheme(Req)), {Code, Headers} = case couch_httpd:qs_value(Req, "next", nil) of nil -> {200, [Cookie]}; diff --git a/src/couch/test/eunit/couchdb_cookie_domain_tests.erl b/src/couch/test/eunit/couchdb_cookie_domain_tests.erl index e66ab31e6..c46352f35 100755 --- a/src/couch/test/eunit/couchdb_cookie_domain_tests.erl +++ b/src/couch/test/eunit/couchdb_cookie_domain_tests.erl @@ -43,7 +43,8 @@ cookie_test_() -> fun({ok, Url, ContentType, Payload, _}) -> [ should_set_cookie_domain(Url, ContentType, Payload), - should_not_set_cookie_domain(Url, ContentType, Payload) + should_not_set_cookie_domain(Url, ContentType, Payload), + should_delete_cookie_domain(Url, ContentType, Payload) ] end } @@ -67,3 +68,13 @@ should_not_set_cookie_domain(Url, ContentType, Payload) -> Cookie = proplists:get_value("Set-Cookie", Headers), ?assertEqual(0, string:str(Cookie, "; Domain=")) end). + +should_delete_cookie_domain(Url, ContentType, Payload) -> + ?_test(begin + ok = config:set("couch_httpd_auth", "cookie_domain", + "example.com", false), + {ok, Code, Headers, _} = test_request:delete(Url, ContentType, Payload), + ?assertEqual(200, Code), + Cookie = proplists:get_value("Set-Cookie", Headers), + ?assert(string:str(Cookie, "; Domain=example.com") > 0) + end). |