authorRyuta Kamizono <kamipo@gmail.com>2020-02-10 17:33:15 +0900
committerSamuel Williams <samuel.williams@oriontransfer.co.nz>2020-02-11 01:19:11 +1300
commit18f708b5b691f0219be35e453dbb7ef8397060c9 (patch)
tree61d54cd4f5b5349a8383ac2b84747304b0e00151
parent784dcd21da76ab5825d3a69338ac65b78f8422b5 (diff)
downloadrack-18f708b5b691f0219be35e453dbb7ef8397060c9.tar.gz
Fix to handle same_site option for session pool
Follow up of #1543.
-rw-r--r--lib/rack/session/abstract/id.rb1
-rw-r--r--lib/rack/session/cookie.rb1
-rw-r--r--test/spec_session_pool.rb19
3 files changed, 20 insertions, 1 deletions
diff --git a/lib/rack/session/abstract/id.rb b/lib/rack/session/abstract/id.rb
index cb011359..638bd3b3 100644
--- a/lib/rack/session/abstract/id.rb
+++ b/lib/rack/session/abstract/id.rb
@@ -252,6 +252,7 @@ module Rack
@default_options = self.class::DEFAULT_OPTIONS.merge(options)
@key = @default_options.delete(:key)
@cookie_only = @default_options.delete(:cookie_only)
+ @same_site = @default_options.delete(:same_site)
initialize_sid
end
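Review bot: The new `@same_site` assignment stores whatever the caller passes, with no comment or check, although the specs added in test/spec_session_pool.rb show it can be either a symbol or a lambda taking `(req, res)`. A one-line comment would make that contract visible here, e.g. `# :same_site is a Symbol (:none, :lax, ...) or a callable taking (req, res); it is kept out of @default_options`. The code that reads `@same_site` is outside this hunk, so it is not possible to confirm from here whether an unrecognised value is rejected; if it is not, checking it at construction would surface a misconfigured cookie policy before the first Set-Cookie is written. The enclosing initialize begins above the hunk.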
diff --git a/lib/rack/session/cookie.rb b/lib/rack/session/cookie.rb
index 3b82b41d..bb541396 100644
--- a/lib/rack/session/cookie.rb
+++ b/lib/rack/session/cookie.rb
@@ -118,7 +118,6 @@ module Rack
Called from: #{caller[0]}.
MSG
@coder = options[:coder] ||= Base64::Marshal.new
- @same_site = options.delete :same_site
super(app, options.merge!(cookie_only: true))
end
diff --git a/test/spec_session_pool.rb b/test/spec_session_pool.rb
index ac7522b5..aba93fb1 100644
--- a/test/spec_session_pool.rb
+++ b/test/spec_session_pool.rb
@@ -178,6 +178,25 @@ describe Rack::Session::Pool do
pool.pool[session_id.public_id].must_be_nil
end
+ it "passes through same_site option to session pool" do
+ pool = Rack::Session::Pool.new(incrementor, same_site: :none)
+ req = Rack::MockRequest.new(pool)
+ res = req.get("/")
+ res["Set-Cookie"].must_include "SameSite=None"
+ end
+
+ it "allows using a lambda to specify same_site option, because some browsers require different settings" do
+ pool = Rack::Session::Pool.new(incrementor, same_site: lambda { |req, res| :none })
+ req = Rack::MockRequest.new(pool)
+ res = req.get("/")
+ res["Set-Cookie"].must_include "SameSite=None"
+
+ pool = Rack::Session::Pool.new(incrementor, same_site: lambda { |req, res| :lax })
+ req = Rack::MockRequest.new(pool)
+ res = req.get("/")
+ res["Set-Cookie"].must_include "SameSite=Lax"
+ end
+
# anyone know how to do this better?
it "should merge sessions when multithreaded" do
unless $DEBUG
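Review bot: Both new examples assert only the positive case, and the `:none` examples configure `SameSite=None` without `secure: true`, a combination current browsers reject, so the spec documents a setting that would not hold up in a real deployment. A case for the default would catch a regression that starts emitting the attribute unasked: build the pool without the option and assert `res["Set-Cookie"].wont_include "SameSite"` (this assumes DEFAULT_OPTIONS sets no same_site value, which is not visible here). The block parameters `|req, res|` of the second lambda also shadow the `req` and `res` locals assigned just above it; `lambda { |_req, _res| :lax }` avoids that and signals they are unused.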