Rack::BlacklistCookies

Rack middleware for removing cookies on the request and response at a route level.

Rack::BlacklistCookies is a rack middleware that will block certain cookies from an HTTP request, as well as strip certain cookies from an HTTP response.

It does this by examining the Cookies headers on the request, and the Set-Cookie headers on the response, and stripping out any cookie that has been explicitly blacklisted in the configuration. It also let's you do that on a per route basis, allowing you to selectively strip certain cookies only for certain routes in your application.

This may be useful in situations where you want to continue setting cookies generally but want to apply a finer set of rules to either the request or the response.

Installation

Add this line to your application's Gemfile:

gem 'rack-blacklist_cookies'

And then execute:

$ bundle

Or install it yourself as:

$ gem install rack-blacklist_cookies

Configuration

All this gem needs to run is a simple configuration file.

You can blacklist on either the request or the response by setting pairs of "/url-string" => ["list", "of", "cookies"] values.

Take the following config as an example:

Rack::BlacklistCookies.configure do |config|
  config.request_blacklist = {
    "/some-url"       => ["cookie_to_blacklist", "another_blacklisted_cookie"]
  }
  config.response_blacklist = {
    "/"               => ["do_not_set_this_cookie_on_homepage_response"]
  }
end

This will ensure requests getting into your application on the URL /some-url will not have the cookies cookie_to_blacklist and another_blacklisted_cookie. Similarly, even if your web application returns a cookie with the name do_not_set_this_cookie_on_homepage_response for requests to /, that cookie will not make it into the client as the middleware will strip it out.

As this is a Rack middleware, it will respect and correctly ignore any ?querystring and #bookmark params in the URL.

Using with Rails

If you are using this middleware with Rails, a typical place to set up the gem is in the config/initializers folder.

Don't forget to add the middleware to config/application.rb as well.

config.middleware.insert 0, Rack::BlacklistCookies

Development

After checking out the repo, run bundle install to install dependencies. Then, run rake spec to run the tests.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/notonthehighstreet/rack-blacklist_cookies. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

License

The gem is available as open source under the terms of the MIT License.