Class: DuodealerApp::SameSiteCookieMiddleware

Inherits:

Object

• Object
• DuodealerApp::SameSiteCookieMiddleware

Defined in:

lib/duodealer_app/middleware/same_site_cookie_middleware.rb

Constant Summary

COOKIE_SEPARATOR =

"\n"

Class Method Summary

• .chromium_based?(sniffer) ⇒ Boolean
• .drops_unrecognized_same_site_cookies?(sniffer) ⇒ Boolean
• .same_site_none_incompatible?(user_agent) ⇒ Boolean
• .uc_browser?(sniffer) ⇒ Boolean
• .uc_browser_version_at_least?(sniffer:, major:, minor:, build:) ⇒ Boolean
• .webkit_same_site_bug?(sniffer) ⇒ Boolean

Instance Method Summary

• #call(env) ⇒ Object
• #initialize(app) ⇒ SameSiteCookieMiddleware constructor

  A new instance of SameSiteCookieMiddleware.

Constructor Details

#initialize(app) ⇒ SameSiteCookieMiddleware

Returns a new instance of SameSiteCookieMiddleware.

# File 'lib/duodealer_app/middleware/same_site_cookie_middleware.rb', line 7

def initialize(app)
  @app = app
end

Class Method Details

.chromium_based?(sniffer) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/duodealer_app/middleware/same_site_cookie_middleware.rb', line 52

def self.chromium_based?(sniffer)
  sniffer.browser_name.downcase.match(/chrom(e|ium)/)
end

.drops_unrecognized_same_site_cookies?(sniffer) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/duodealer_app/middleware/same_site_cookie_middleware.rb', line 47

def self.drops_unrecognized_same_site_cookies?(sniffer)
  (chromium_based?(sniffer) && sniffer.major_browser_version >= 51 && sniffer.major_browser_version <= 66) ||
    (uc_browser?(sniffer) && !uc_browser_version_at_least?(sniffer: sniffer, major: 12, minor: 13, build: 2))
end

.same_site_none_incompatible?(user_agent) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/duodealer_app/middleware/same_site_cookie_middleware.rb', line 34

def self.same_site_none_incompatible?(user_agent)
  sniffer = BrowserSniffer.new(user_agent)

  webkit_same_site_bug?(sniffer) || drops_unrecognized_same_site_cookies?(sniffer)
rescue
  true
end

.uc_browser?(sniffer) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/duodealer_app/middleware/same_site_cookie_middleware.rb', line 56

def self.uc_browser?(sniffer)
  sniffer.user_agent.downcase.match(/uc\s?browser/)
end

.uc_browser_version_at_least?(sniffer:, major:, minor:, build:) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/duodealer_app/middleware/same_site_cookie_middleware.rb', line 60

def self.uc_browser_version_at_least?(sniffer:, major:, minor:, build:)
  digits = sniffer.browser_version.split(".").map(&:to_i)
  return false unless digits.count >= 3

  return digits[0] > major if digits[0] != major
  return digits[1] > minor if digits[1] != minor
  digits[2] >= build
end

.webkit_same_site_bug?(sniffer) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/duodealer_app/middleware/same_site_cookie_middleware.rb', line 42

def self.webkit_same_site_bug?(sniffer)
  (sniffer.os == :ios && sniffer.os_version.match(/^([0-9]|1[12])[\.\_]/)) ||
    (sniffer.os == :mac && sniffer.browser == :safari && sniffer.os_version.match(/^10[\.\_]14/))
end

Instance Method Details

#call(env) ⇒ Object

# File 'lib/duodealer_app/middleware/same_site_cookie_middleware.rb', line 11

def call(env)
  status, headers, body = @app.call(env)
  user_agent = env["HTTP_USER_AGENT"]

  if headers && headers["Set-Cookie"] &&
      !SameSiteCookieMiddleware.same_site_none_incompatible?(user_agent) &&
      DuodealerApp.configuration.enable_same_site_none

    set_cookies = headers["Set-Cookie"]
      .split(COOKIE_SEPARATOR)
      .compact
      .map do |cookie|
        cookie << "; Secure" if not cookie =~ /;\s*secure/i
        cookie << "; SameSite=None" unless /;\s*samesite=/i.match?(cookie)
        cookie
      end

    headers["Set-Cookie"] = set_cookies.join(COOKIE_SEPARATOR)
  end

  [status, headers, body]
end