Class: SafeCookies::Configuration

Inherits:
Object
  • Object
Defined in:
lib/safe_cookies/configuration.rb


Constructor Details

#initialize ⇒ Configuration

Returns a new instance of Configuration.



# File 'lib/safe_cookies/configuration.rb', line 20

# Starts every configuration with empty collections: a Hash of registered
# cookie options keyed by cookie name, and three independent Arrays holding
# the names registered with :secure => false, the names registered with
# :http_only => false, and the names/patterns passed to ignore_cookie.
def initialize
  self.registered_cookies = {}
  # Three separate array literals, so the lists never share storage.
  self.insecure_cookies,
    self.scriptable_cookies,
    self.ignored_cookies = [], [], []
end

Instance Attribute Details

Returns the value of attribute correct_cookie_paths_timestamp.



# File 'lib/safe_cookies/configuration.rb', line 17

# Reader for @correct_cookie_paths_timestamp.
#
# In the code shown here the value is only assigned by fix_paths, which
# stores options[:for_cookies_secured_before]; initialize does not set it,
# so it is nil until then.
def correct_cookie_paths_timestamp
  @correct_cookie_paths_timestamp
end

Returns the value of attribute fix_cookie_paths.



# File 'lib/safe_cookies/configuration.rb', line 17

# Reader for @fix_cookie_paths.
#
# In the code shown here fix_paths sets it to true; initialize does not
# assign it, so it is nil (falsy) on a fresh configuration.
def fix_cookie_paths
  @fix_cookie_paths
end

#ignored_cookies ⇒ Object

Returns the value of attribute ignored_cookies.



# File 'lib/safe_cookies/configuration.rb', line 17

# Reader for @ignored_cookies: the list that initialize creates empty and
# ignore_cookie appends to (cookie names or regexes, as given by the caller).
#
# NOTE(review): the returned Array is the live list, not a copy, so callers
# that mutate it change the configuration.
def ignored_cookies
  @ignored_cookies
end

#log_unknown_cookies ⇒ Object

Returns the value of attribute log_unknown_cookies.



# File 'lib/safe_cookies/configuration.rb', line 16

# Reader for @log_unknown_cookies.
#
# Nothing in the listing shown here assigns this attribute (initialize does
# not), so it is nil unless set through a writer defined elsewhere.
# NOTE(review): presumably a flag controlling whether unregistered cookies
# are logged -- confirm against the middleware before relying on it.
def log_unknown_cookies
  @log_unknown_cookies
end

#registered_cookies ⇒ Object

Returns the value of attribute registered_cookies.



# File 'lib/safe_cookies/configuration.rb', line 17

# Reader for @registered_cookies: the Hash that initialize creates empty and
# register_cookie fills, mapping each cookie name to its frozen options hash.
#
# NOTE(review): the option hashes are frozen, but the outer Hash returned
# here is the live object and is not frozen.
def registered_cookies
  @registered_cookies
end

Instance Method Details

#fix_paths(options = {}) ⇒ Object



# File 'lib/safe_cookies/configuration.rb', line 59

# Switches cookie-path fixing on and records the cut-off timestamp for it.
#
# @param options [Hash] must contain :for_cookies_secured_before; its value
#   is stored as correct_cookie_paths_timestamp without further validation
# @return [Object] the value given for :for_cookies_secured_before
# @raise [MissingOptionError] if :for_cookies_secured_before is absent
def fix_paths(options = {})
  unless options.has_key?(:for_cookies_secured_before)
    raise MissingOptionError, "Was told to fix paths without the :for_cookies_secured_before timestamp."
  end

  cutoff = options[:for_cookies_secured_before]
  self.fix_cookie_paths = true
  self.correct_cookie_paths_timestamp = cutoff
end

Ignore cookies that you don’t control like this:

ignore_cookie 'ignored_cookie'
ignore_cookie /^__utm/


# File 'lib/safe_cookies/configuration.rb', line 55

# Adds a cookie name or a pattern to the ignore list.
#
# NOTE(review): presumably the middleware leaves matching cookies untouched
# (not visible here), so keep entries as narrow as possible. In Ruby, ^
# anchors at the start of any line; use \A to anchor at the start of the name.
#
# @param name_or_regex [String, Regexp] stored as given, without validation
# @return [Array] the ignore list after the entry was appended
def ignore_cookie(name_or_regex)
  ignored_cookies.push(name_or_regex)
end

#insecure_cookie?(name) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/safe_cookies/configuration.rb', line 66

# Tells whether the cookie was registered with :secure => false, i.e. opted
# out of the secure flag.
#
# @param name [String] cookie name, compared with == against the recorded names
# @return [Boolean]
def insecure_cookie?(name)
  insecure_cookies.any? { |opted_out| opted_out == name }
end

Register cookies you expect to receive. The middleware will rewrite all registered cookies it receives, making them both secure and http_only.

Unfortunately, the client won’t ever tell us if the cookie was originally sent with flags such as “secure” or which expiry date it currently has: tools.ietf.org/html/rfc6265#section-4.2.2

Therefore, specify an expiry, and more options if needed:

:expire_after => 1.year
:secure => false
:http_only => false
:path => '/foo/path'

Raises:

  • (NotImplementedError)


# File 'lib/safe_cookies/configuration.rb', line 41

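# Registers a cookie the application expects to receive, together with the
# options to use when it is rewritten.
#
# A cookie opts out of a protection only with exactly `:secure => false` or
# `:http_only => false`; nil or a missing key does not opt out. Each opt-out
# is recorded per name in insecure_cookies / scriptable_cookies, so grant it
# only to cookies that really must be sent over plain HTTP or read by
# client-side script.
#
# Registering the same name again replaces the earlier registration,
# including its opt-outs: a cookie first registered with :secure => false and
# later without it is no longer reported as insecure.
#
# @param name [String] cookie name
# @param options [Hash] must contain :expire_after; may contain :secure,
#   :http_only and :path. The hash is frozen in place and stored.
# @return [Array, nil] scriptable_cookies if the name was appended to it,
#   otherwise nil
# @raise [RuntimeError] if name is not a String
# @raise [MissingOptionError] if :expire_after is missing
# @raise [NotImplementedError] if :domain is given
def register_cookie(name, options)
  raise "Cookie name must be a String" unless name.is_a?(String)
  unless options.has_key?(:expire_after)
    raise MissingOptionError.new("Cookie #{name.inspect} was registered without an expiry")
  end
  raise NotImplementedError if options.has_key?(:domain)

  # Frozen so the stored options cannot be changed after registration.
  registered_cookies[name] = options.freeze

  # Drop flags left by an earlier registration of this name; otherwise a
  # stale opt-out would outlive the options that granted it, and repeated
  # registrations would add duplicate entries.
  insecure_cookies.delete(name)
  scriptable_cookies.delete(name)

  insecure_cookies << name if options[:secure] == false
  scriptable_cookies << name if options[:http_only] == false
end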

#scriptable_cookie?(name) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/safe_cookies/configuration.rb', line 70

# Tells whether the cookie was registered with :http_only => false, i.e.
# opted out of the http_only flag.
#
# @param name [String] cookie name, compared with == against the recorded names
# @return [Boolean]
def scriptable_cookie?(name)
  scriptable_cookies.any? { |opted_out| opted_out == name }
end