Do more exact matching of domain and path when deleting cookies

Also, correctly handle deleting with both a domain and path provided. Fixes #1234
author: Jeremy Evans <code@jeremyevans.net> 2020-01-23 13:22:19 -0800
committer: Jeremy Evans <code@jeremyevans.net> 2020-01-23 15:00:26 -0800
commit: 905a83dc10c40c3fae0199918190d09f1302aba4 (patch)
tree: 7e617ab278bd19f3f34883918005e173b4947b5f /test/spec_response.rb
parent: 4419264a5a9212ed5ef6431fa536d00d8216aae4 (diff)
download: rack-905a83dc10c40c3fae0199918190d09f1302aba4.tar.gz
1 files changed, 77 insertions, 0 deletions
diff --git a/test/spec_response.rb b/test/spec_response.rb
index 876fa500..0d94d92c 100644
--- a/test/spec_response.rb
+++ b/test/spec_response.rb
@@ -243,6 +243,18 @@ describe Rack::Response do
                                          "foo=; domain=sample.example.com; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT"].join("\n")
   end
 
+  it "only deletes cookies for the domain specified" do
+    response = Rack::Response.new
+    response.set_cookie "foo", { value: "bar", domain: "example.com.example.com" }
+    response.set_cookie "foo", { value: "bar", domain: "example.com" }
+    response["Set-Cookie"].must_equal ["foo=bar; domain=example.com.example.com", "foo=bar; domain=example.com"].join("\n")
+    response.delete_cookie "foo", domain: "example.com"
+    response["Set-Cookie"].must_equal ["foo=bar; domain=example.com.example.com", "foo=; domain=example.com; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT"].join("\n")
+    response.delete_cookie "foo", domain: "example.com.example.com"
+    response["Set-Cookie"].must_equal ["foo=; domain=example.com; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT",
+                                         "foo=; domain=example.com.example.com; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT"].join("\n")
+  end
+
   it "can delete cookies with the same name with different paths" do
     response = Rack::Response.new
     response.set_cookie "foo", { value: "bar", path: "/" }
@@ -255,6 +267,71 @@ describe Rack::Response do
                                          "foo=; path=/path; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT"].join("\n")
   end
 
+  it "only delete cookies with the path specified" do
+    response = Rack::Response.new
+    response.set_cookie "foo", value: "bar", path: "/"
+    response.set_cookie "foo", value: "bar", path: "/a"
+    response.set_cookie "foo", value: "bar", path: "/a/b"
+    response["Set-Cookie"].must_equal ["foo=bar; path=/",
+                                       "foo=bar; path=/a",
+                                       "foo=bar; path=/a/b"].join("\n")
+
+    response.delete_cookie "foo", path: "/a"
+    response["Set-Cookie"].must_equal ["foo=bar; path=/",
+                                       "foo=bar; path=/a/b",
+                                       "foo=; path=/a; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT"].join("\n")
+  end
+
+  it "only delete cookies with the domain and path specified" do
+    response = Rack::Response.new
+    response.set_cookie "foo", value: "bar", path: "/"
+    response.set_cookie "foo", value: "bar", path: "/a"
+    response.set_cookie "foo", value: "bar", path: "/a/b"
+    response.set_cookie "foo", value: "bar", path: "/", domain: "example.com.example.com"
+    response.set_cookie "foo", value: "bar", path: "/a", domain: "example.com.example.com"
+    response.set_cookie "foo", value: "bar", path: "/a/b", domain: "example.com.example.com"
+    response.set_cookie "foo", value: "bar", path: "/", domain: "example.com"
+    response.set_cookie "foo", value: "bar", path: "/a", domain: "example.com"
+    response.set_cookie "foo", value: "bar", path: "/a/b", domain: "example.com"
+    response["Set-Cookie"].must_equal [
+      "foo=bar; path=/",
+      "foo=bar; path=/a",
+      "foo=bar; path=/a/b",
+      "foo=bar; domain=example.com.example.com; path=/",
+      "foo=bar; domain=example.com.example.com; path=/a",
+      "foo=bar; domain=example.com.example.com; path=/a/b",
+      "foo=bar; domain=example.com; path=/",
+      "foo=bar; domain=example.com; path=/a",
+      "foo=bar; domain=example.com; path=/a/b",
+    ].join("\n")
+
+    response.delete_cookie "foo", path: "/a", domain: "example.com"
+    response["Set-Cookie"].must_equal [
+      "foo=bar; path=/",
+      "foo=bar; path=/a",
+      "foo=bar; path=/a/b",
+      "foo=bar; domain=example.com.example.com; path=/",
+      "foo=bar; domain=example.com.example.com; path=/a",
+      "foo=bar; domain=example.com.example.com; path=/a/b",
+      "foo=bar; domain=example.com; path=/",
+      "foo=bar; domain=example.com; path=/a/b",
+      "foo=; domain=example.com; path=/a; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT",
+    ].join("\n")
+
+    response.delete_cookie "foo", path: "/a/b", domain: "example.com"
+    response["Set-Cookie"].must_equal [
+      "foo=bar; path=/",
+      "foo=bar; path=/a",
+      "foo=bar; path=/a/b",
+      "foo=bar; domain=example.com.example.com; path=/",
+      "foo=bar; domain=example.com.example.com; path=/a",
+      "foo=bar; domain=example.com.example.com; path=/a/b",
+      "foo=bar; domain=example.com; path=/",
+      "foo=; domain=example.com; path=/a; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT",
+      "foo=; domain=example.com; path=/a/b; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 GMT",
+    ].join("\n")
+  end
+
   it "can do redirects" do
     response = Rack::Response.new
     response.redirect "/foo"
author	Jeremy Evans <code@jeremyevans.net>	2020-01-23 13:22:19 -0800
committer	Jeremy Evans <code@jeremyevans.net>	2020-01-23 15:00:26 -0800
commit	905a83dc10c40c3fae0199918190d09f1302aba4 (patch)
tree	7e617ab278bd19f3f34883918005e173b4947b5f /test/spec_response.rb
parent	4419264a5a9212ed5ef6431fa536d00d8216aae4 (diff)
download	rack-905a83dc10c40c3fae0199918190d09f1302aba4.tar.gz