vweb: secure HttpOnly cookies

pull/3051/head
Alexander Medvednikov 2019-12-11 03:20:30 +03:00
parent cdfbb2978d
commit f286387647
3 changed files with 8 additions and 3 deletions


@ -233,6 +233,11 @@ fn test_replace_each() {
'[code]', '<code>',
'[/code]', '</code>'
]) == '<b>bold</b> <code>code</code>'
bb2 := '[b]cool[/b]'
assert bb2.replace_each([
'[b]', '<b>',
'[/b]', '</b>',
]) == '<b>cool</b>'
}
fn test_itoa() {
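Review bot: The added `bb2` assertion carries no comment saying what it covers beyond the case directly above it. From the diff it appears to exercise the trailing comma after `'</b>',` in the array literal, though that is an inference. A line such as `// trailing comma after the last pair must be accepted` above `bb2 := '[b]cool[/b]'` would keep it from being pruned later as a duplicate. `test_replace_each` starts outside the hunk.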


@ -76,7 +76,7 @@ _ = header
}
// HTML, may include `@var`
else {
s.writeln(line.replace('@', '\x24').replace('\'', '"') )
s.writeln(line.replace('@', '\x24').replace("'", '"') )
}
}
s.writeln(STR_END)
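Review bot: The `.replace("'", '"')` on the HTML branch rewrites every single quote in the template line, so an attribute written as `title='say "hi"'` comes out with its quoting broken, and apostrophes in text turn into double quotes. Presumably the substitution exists because the generated line ends up inside a single-quoted string, which is not visible in this hunk. If so, escaping the quote rather than replacing it would preserve the author's markup. At minimum the branch should say so, e.g. `// NOTE: single quotes in template HTML are rewritten to double quotes; attributes that contain " will break`. The enclosing function starts and ends outside the hunk.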


@ -74,11 +74,11 @@ pub fn (ctx Context) not_found(s string) {
pub fn (ctx mut Context) set_cookie(key, val string) { // TODO support directives, escape cookie value (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie)
//println('Set-Cookie $key=$val')
ctx.add_header('Set-Cookie', '$key=$val')
ctx.add_header('Set-Cookie', '$key=$val; Secure; HttpOnly')
}
pub fn (ctx &Context) get_cookie(key string) ?string { // TODO refactor
cookie_header := ' ' + ctx.get_header('Cookie')
cookie_header := ' ' + ctx.get_header('cookie')
cookie := if cookie_header.contains(';') {
cookie_header.find_between(' $key=', ';')
} else {
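Review bot: In `set_cookie`, `key` and `val` are still interpolated into the header unescaped, so a value containing `;`, `\r` or `\n` can add its own attributes after the pair, which undercuts the `Secure; HttpOnly` flags this line adds. If `add_header` does not filter line breaks (not visible here), such a value could also start a new header line. Until the TODO on the signature is done, a guard before `add_header` such as `if val.contains(';') || val.contains('\r') || val.contains('\n') { return }` (and the same for `key`) would close that. `Secure` is now unconditional, so browsers will generally not store the cookie on a plain-HTTP deployment; that deserves a comment, and `SameSite=Lax` could go into the same string. The `get_cookie` body continues outside the hunk, and the switch to `ctx.get_header('cookie')` is only correct if header names are stored lower-cased, which cannot be confirmed from these lines.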