author | Ryuta Kamizono <kamipo@gmail.com> | 2020-02-10 17:33:15 +0900 |
---|---|---|
committer | Samuel Williams <samuel.williams@oriontransfer.co.nz> | 2020-02-11 01:19:11 +1300 |
commit | 18f708b5b691f0219be35e453dbb7ef8397060c9 (patch) | |
tree | 61d54cd4f5b5349a8383ac2b84747304b0e00151 | |
parent | 784dcd21da76ab5825d3a69338ac65b78f8422b5 (diff) | |
download | rack-18f708b5b691f0219be35e453dbb7ef8397060c9.tar.gz |
Fix to handle same_site option for session pool
Follow up of #1543.
-rw-r--r-- | lib/rack/session/abstract/id.rb | 1 | ||||
-rw-r--r-- | lib/rack/session/cookie.rb | 1 | ||||
-rw-r--r-- | test/spec_session_pool.rb | 19 |
3 files changed, 20 insertions, 1 deletions
diff --git a/lib/rack/session/abstract/id.rb b/lib/rack/session/abstract/id.rb
index cb011359..638bd3b3 100644
--- a/lib/rack/session/abstract/id.rb
+++ b/lib/rack/session/abstract/id.rb
@@ -252,6 +252,7 @@ module Rack
 @default_options = self.class::DEFAULT_OPTIONS.merge(options)
 @key = @default_options.delete(:key)
 @cookie_only = @default_options.delete(:cookie_only)
+ @same_site = @default_options.delete(:same_site)
 initialize_sid
 end
diff --git a/lib/rack/session/cookie.rb b/lib/rack/session/cookie.rb
index 3b82b41d..bb541396 100644
--- a/lib/rack/session/cookie.rb
+++ b/lib/rack/session/cookie.rb
@@ -118,7 +118,6 @@ module Rack
 Called from: #{caller[0]}.
 MSG
 @coder = options[:coder] ||= Base64::Marshal.new
- @same_site = options.delete :same_site
 super(app, options.merge!(cookie_only: true))
 end
diff --git a/test/spec_session_pool.rb b/test/spec_session_pool.rb
index ac7522b5..aba93fb1 100644
--- a/test/spec_session_pool.rb
+++ b/test/spec_session_pool.rb
@@ -178,6 +178,25 @@ describe Rack::Session::Pool do
 pool.pool[session_id.public_id].must_be_nil
 end
+ it "passes through same_site option to session pool" do
+ pool = Rack::Session::Pool.new(incrementor, same_site: :none)
+ req = Rack::MockRequest.new(pool)
+ res = req.get("/")
+ res["Set-Cookie"].must_include "SameSite=None"
+ end
+
+ it "allows using a lambda to specify same_site option, because some browsers require different settings" do
+ pool = Rack::Session::Pool.new(incrementor, same_site: lambda { |req, res| :none })
+ req = Rack::MockRequest.new(pool)
+ res = req.get("/")
+ res["Set-Cookie"].must_include "SameSite=None"
+
+ pool = Rack::Session::Pool.new(incrementor, same_site: lambda { |req, res| :lax })
+ req = Rack::MockRequest.new(pool)
+ res = req.get("/")
+ res["Set-Cookie"].must_include "SameSite=Lax"
+ end
+
 # anyone know how to do this better?
 it "should merge sessions when multithreaded" do
 unless $DEBUG |
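Review bot: The new `@same_site = @default_options.delete(:same_site)` line in lib/rack/session/abstract/id.rb carries no comment on which values the option accepts, while the specs added in this commit pass both a symbol (`:none`) and a lambda taking `(req, res)`. A short comment above it, such as `# :same_site is a Symbol or a callable taking (req, res); it is kept out of @default_options`, would record that contract. Because the value is taken with `delete` and `DEFAULT_OPTIONS` is not visible here, an omitted option presumably leaves `@same_site` nil and the session cookie without a SameSite attribute, so cross-site behaviour falls to the browser default; that is worth stating in the option docs. The initializer starts above the hunk and the code that reads `@same_site` is outside it.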
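Review bot: The new specs in test/spec_session_pool.rb cover `:none` and `:lax` only, so the default case with no `same_site` option is not pinned; a spec that builds `Rack::Session::Pool.new(incrementor)` and asserts `res["Set-Cookie"].wont_include "SameSite"` would do that, assuming an unset option emits no attribute. The `same_site: :none` examples also pass no `secure` option, and browsers that enforce the current cookie rules reject `SameSite=None` cookies that lack `Secure`, so a comment in the spec saying that deployments must pair the two would keep the example from being copied as is. The lambda specs ignore `req` and `res`; a case whose result depends on the request would show the per-browser use that the spec title describes.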