author | James Tucker <jftucker@gmail.com> | 2013-01-21 20:12:57 -0800 |
---|---|---|
committer | James Tucker <jftucker@gmail.com> | 2013-01-21 20:12:57 -0800 |
commit | 5e0a9413a80e9b0aa8a74bfc806fb20f2ea0bf3c (patch) | |
tree | 7f7bbb4fd8a677cf64550db49992e28bfaa217e2 | |
parent | aea54b6d0ba7cb069b3ae30db54dd453fc41490c (diff) | |
download | rack-5e0a9413a80e9b0aa8a74bfc806fb20f2ea0bf3c.tar.gz |
Switch to RFC 2822 expiresrfc2822_expires
-rw-r--r-- | lib/rack/utils.rb | 27 | ||||
-rw-r--r-- | test/spec_response.rb | 14 |
2 files changed, 31 insertions, 10 deletions
diff --git a/lib/rack/utils.rb b/lib/rack/utils.rb
index 3373b111..3ffdb3a2 100644
--- a/lib/rack/utils.rb
+++ b/lib/rack/utils.rb
@@ -250,10 +250,31 @@ module Rack
 domain = "; domain=" + value[:domain] if value[:domain]
 path = "; path=" + value[:path] if value[:path]
 max_age = "; max-age=" + value[:max_age] if value[:max_age]
- # According to RFC 2109, we need dashes here.
- # N.B.: cgi.rb uses spaces...
+ # There is an RFC mess in the area of date formatting for Cookies. Not
+ # only are there contradicting RFCs and examples within RFC text, but
+ # there are also numerous conflicting names of fields and partially
+ # cross-applicable specifications.
+ #
+ # These are best described in RFC 2616 3.3.1. This RFC text also
+ # specifies that RFC 822 as updated by RFC 1123 is preferred. That is a
+ # fixed length format with space-date delimeted fields.
+ #
+ # See also RFC 1123 section 5.2.14.
+ #
+ # RFC 6265 also specifies "sane-cookie-date" as RFC 1123 date, defined
+ # in RFC 2616 3.3.1. RFC 6265 also gives examples that clearly denote
+ # the space delimited format. These formats are compliant with RFC 2822.
+ #
+ # For reference, all involved RFCs are:
+ # RFC 822
+ # RFC 1123
+ # RFC 2109
+ # RFC 2616
+ # RFC 2822
+ # RFC 2965
+ # RFC 6265
 expires = "; expires=" +
- rfc2109(value[:expires].clone.gmtime) if value[:expires]
+ rfc2822(value[:expires].clone.gmtime) if value[:expires]
 secure = "; secure" if value[:secure]
 httponly = "; HttpOnly" if value[:httponly]
 value = value[:value]
diff --git a/test/spec_response.rb b/test/spec_response.rb
index ebffa733..7ba1e0e1 100644
--- a/test/spec_response.rb
+++ b/test/spec_response.rb
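Review bot: The new `rfc2822(value[:expires].clone.gmtime)` call in lib/rack/utils.rb does not appear to emit the format the added comment argues for: the comment cites the RFC 1123 date of RFC 2616 3.3.1 (RFC 6265's sane-cookie-date), which ends in the literal `GMT`, while the updated expectations in test/spec_response.rb show the attribute now ending in `-0000`. The `rfc2822` helper is not visible in this hunk, so this is inferred from those specs; a user agent that accepts only the GMT form would presumably ignore the attribute, turning a persistent cookie into a session cookie or leaving `delete_cookie` dependent on `max-age=0` alone, which matters when cookie deletion is how a session is ended. Consider emitting the HTTP date instead, e.g. `"; expires=" + value[:expires].clone.gmtime.httpdate` (needs `require 'time'`), and changing the `-0000` expectations in the @@ -92,7, @@ -102,10 and @@ -117,7 spec hunks to `GMT`. The comment also spells "delimited" as `delimeted`, and the enclosing method starts and ends outside the hunk.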
@@ -65,12 +65,12 @@ describe Rack::Response do response["Set-Cookie"].should.equal ["foo=bar; domain=sample.example.com", "foo=bar; domain=.example.com"].join("\n") end - it "formats the Cookie expiration date accordingly to RFC 2109" do + it "formats the Cookie expiration date accordingly to RFC 6265" do response = Rack::Response.new response.set_cookie "foo", {:value => "bar", :expires => Time.now+10} response["Set-Cookie"].should.match( - /expires=..., \d\d-...-\d\d\d\d \d\d:\d\d:\d\d .../) + /expires=..., \d\d ... \d\d\d\d \d\d:\d\d:\d\d .../) end it "can set secure cookies" do @@ -92,7 +92,7 @@ describe Rack::Response do response.delete_cookie "foo" response["Set-Cookie"].should.equal [ "foo2=bar2", - "foo=; max-age=0; expires=Thu, 01-Jan-1970 00:00:00 GMT" + "foo=; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000" ].join("\n") end 
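Review bot: The updated pattern in the @@ -65,12 hunk still ends in an unanchored `...`, so it accepts any three characters after the time and never checks the zone token; it matches `GMT` and the first three characters of `-0000` alike. Since the spec title now names RFC 6265, pin the zone and anchor the end (expires is the last attribute of this spec's cookie), e.g. `/expires=..., \d\d ... \d\d\d\d \d\d:\d\d:\d\d GMT\z/` for the HTTP-date form, or end it with ` -0000\z` if the numeric offset is what is intended. The `...` placeholders for the day and month names could likewise be tightened to `[A-Z][a-z]{2}` so a malformed name fails the spec.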
@@ -102,10 +102,10 @@ describe Rack::Response do response.set_cookie "foo", {:value => "bar", :domain => ".example.com"} response["Set-Cookie"].should.equal ["foo=bar; domain=sample.example.com", "foo=bar; domain=.example.com"].join("\n") response.delete_cookie "foo", :domain => ".example.com" - response["Set-Cookie"].should.equal ["foo=bar; domain=sample.example.com", "foo=; domain=.example.com; max-age=0; expires=Thu, 01-Jan-1970 00:00:00 GMT"].join("\n") + response["Set-Cookie"].should.equal ["foo=bar; domain=sample.example.com", "foo=; domain=.example.com; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000"].join("\n") response.delete_cookie "foo", :domain => "sample.example.com" - response["Set-Cookie"].should.equal ["foo=; domain=.example.com; max-age=0; expires=Thu, 01-Jan-1970 00:00:00 GMT", - "foo=; domain=sample.example.com; max-age=0; expires=Thu, 01-Jan-1970 00:00:00 GMT"].join("\n") + response["Set-Cookie"].should.equal ["foo=; domain=.example.com; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000", + "foo=; domain=sample.example.com; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000"].join("\n") end it "can delete cookies with the same name with different paths" do @@ -117,7 +117,7 @@ describe Rack::Response do response.delete_cookie "foo", :path => "/path" response["Set-Cookie"].should.equal ["foo=bar; path=/", - "foo=; path=/path; max-age=0; expires=Thu, 01-Jan-1970 00:00:00 GMT"].join("\n") + "foo=; path=/path; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000"].join("\n") end it "can do redirects" do |