Skip to content

R
rails

张重言 / rails

通知 1
Star 0
Fork 0
R
rails

体验新版 GitCode,发现更多精彩内容 >>

提交 f9913266 编写于 作者: R Rizwan Reza 提交者: José Valim
浏览文件
操作

Took out the domain option logic to cookies.rb.

上级 5609149d
隐藏空白更改
内联 并排
Showing with 32 addition and 22 deletion
actionpack/lib/action_dispatch/middleware/cookies.rb
浏览文件 @ f9913266
...@@ -45,7 +45,15 @@ def cookie_jar ...@@ -45,7 +45,15 @@ def cookie_jar
# * <tt>:value</tt> - The cookie's value or list of values (as an array). # * <tt>:value</tt> - The cookie's value or list of values (as an array).
# * <tt>:path</tt> - The path for which this cookie applies. Defaults to the root # * <tt>:path</tt> - The path for which this cookie applies. Defaults to the root
# of the application. # of the application.
# * <tt>:domain</tt> - The domain for which this cookie applies. # * <tt>:domain</tt> - The domain for which this cookie applies so you can
# restrict to the domain level. If you use a schema like www.example.com
# and want to share session with user.example.com set <tt>:domain</tt>
# to <tt>:all</tt>
#
# :domain => nil # Does not sets cookie domain. (default)
# :domain => :all # Allow the cookie for the top most level
# domain and subdomains.
#
# * <tt>:expires</tt> - The time at which this cookie expires, as a Time object. # * <tt>:expires</tt> - The time at which this cookie expires, as a Time object.
# * <tt>:secure</tt> - Whether this cookie is a only transmitted to HTTPS servers. # * <tt>:secure</tt> - Whether this cookie is a only transmitted to HTTPS servers.
# Default is +false+. # Default is +false+.
...@@ -54,13 +62,22 @@ def cookie_jar ...@@ -54,13 +62,22 @@ def cookie_jar
class Cookies class Cookies
HTTP_HEADER = "Set-Cookie".freeze HTTP_HEADER = "Set-Cookie".freeze
TOKEN_KEY = "action_dispatch.secret_token".freeze TOKEN_KEY = "action_dispatch.secret_token".freeze
# Raised when storing more than 4K of session data. # Raised when storing more than 4K of session data.
class CookieOverflow < StandardError; end class CookieOverflow < StandardError; end
class CookieJar < Hash #:nodoc: class CookieJar < Hash #:nodoc:
# This regular expression is used to split the levels of a domain
# So www.example.co.uk gives:
# $1 => www.
# $2 => example
# $3 => co.uk
DOMAIN_REGEXP = /^(.*\.)*(.*)\.(...|...\...|....|..\...|..)$/
def self.build(request) def self.build(request)
secret = request.env[TOKEN_KEY] secret = request.env[TOKEN_KEY]
@@host = request.env["HTTP_HOST"]
new(secret).tap do |hash| new(secret).tap do |hash|
hash.update(request.cookies) hash.update(request.cookies)
end end
...@@ -70,6 +87,7 @@ def initialize(secret=nil) ...@@ -70,6 +87,7 @@ def initialize(secret=nil)
@secret = secret @secret = secret
@set_cookies = {} @set_cookies = {}
@delete_cookies = {} @delete_cookies = {}
super() super()
end end
...@@ -92,6 +110,12 @@ def []=(key, options) ...@@ -92,6 +110,12 @@ def []=(key, options)
value = super(key.to_s, value) value = super(key.to_s, value)
options[:path] ||= "/" options[:path] ||= "/"
if options[:domain] == :all
@@host =~ DOMAIN_REGEXP
options[:domain] = ".#{$2}.#{$3}"
end
@set_cookies[key] = options @set_cookies[key] = options
@delete_cookies.delete(key) @delete_cookies.delete(key)
value value
...@@ -103,6 +127,12 @@ def []=(key, options) ...@@ -103,6 +127,12 @@ def []=(key, options)
def delete(key, options = {}) def delete(key, options = {})
options.symbolize_keys! options.symbolize_keys!
options[:path] ||= "/" options[:path] ||= "/"
if options[:domain] == :all
@@host =~ DOMAIN_REGEXP
options[:domain] = ".#{$2}.#{$3}"
end
value = super(key.to_s) value = super(key.to_s)
@delete_cookies[key] = options @delete_cookies[key] = options
value value
......
actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
浏览文件 @ f9913266
...@@ -93,13 +93,6 @@ def stale_session_check! ...@@ -93,13 +93,6 @@ def stale_session_check!
:cookie_only => true :cookie_only => true
} }
# This regular expression is used to split the levels of a domain:
# So www.example.co.uk gives:
# $1 => www.
# $2 => example
# $3 => co.uk
DOMAIN_REGEXP = /^(.*\.)*(.*)\.(...|...\...|....|..\...|..)$/
def initialize(app, options = {}) def initialize(app, options = {})
@app = app @app = app
@default_options = DEFAULT_OPTIONS.merge(options) @default_options = DEFAULT_OPTIONS.merge(options)
...@@ -129,11 +122,6 @@ def call(env) ...@@ -129,11 +122,6 @@ def call(env)
cookie[:expires] = Time.now + options.delete(:expire_after) cookie[:expires] = Time.now + options.delete(:expire_after)
end end
if options[:domain] == :all
env["HTTP_HOST"] =~ DOMAIN_REGEXP
options[:domain] = ".#{$2}.#{$3}"
end
request = ActionDispatch::Request.new(env) request = ActionDispatch::Request.new(env)
set_cookie(request, cookie.merge!(options)) set_cookie(request, cookie.merge!(options))
end end
......
actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
浏览文件 @ f9913266
...@@ -34,14 +34,6 @@ module Session ...@@ -34,14 +34,6 @@ module Session
# integrity defaults to 'SHA1' but may be any digest provided by OpenSSL, # integrity defaults to 'SHA1' but may be any digest provided by OpenSSL,
# such as 'MD5', 'RIPEMD160', 'SHA256', etc. # such as 'MD5', 'RIPEMD160', 'SHA256', etc.
# #
# * <tt>:domain</tt>: Restrict the session cookie to certain domain level.
# If you use a schema like www.example.com and wants to share session
# with user.example.com set <tt>:domain</tt> to <tt>:all</tt>
#
# :domain => nil # Does not sets cookie domain. (default)
# :domain => :all # Allow the cookie for the top most level
# domain and subdomains.
#
# To generate a secret key for an existing application, run # To generate a secret key for an existing application, run
# "rake secret" and set the key in config/environment.rb. # "rake secret" and set the key in config/environment.rb.
# #
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册