364657 Support HTTP only cookies from standard API
parent
eaa83f29d1
commit
1907944aef
|
@ -53,6 +53,7 @@ public class Response implements HttpServletResponse
|
|||
{
|
||||
private static final Logger LOG = Log.getLogger(Response.class);
|
||||
|
||||
|
||||
public static final int
|
||||
NONE=0,
|
||||
STREAM=1,
|
||||
|
@ -65,6 +66,12 @@ public class Response implements HttpServletResponse
|
|||
*/
|
||||
public final static String SET_INCLUDE_HEADER_PREFIX = "org.eclipse.jetty.server.include.";
|
||||
|
||||
/**
|
||||
* If this string is found within the comment of a cookie added with {@link #addCookie(Cookie)}, then the cookie
|
||||
* will be set as HTTP ONLY.
|
||||
*/
|
||||
public final static String HTTP_ONLY_COMMENT="__HTTP_ONLY__";
|
||||
|
||||
private final AbstractHttpConnection _connection;
|
||||
private int _status=SC_OK;
|
||||
private String _reason;
|
||||
|
@ -120,14 +127,28 @@ public class Response implements HttpServletResponse
|
|||
*/
|
||||
public void addCookie(Cookie cookie)
|
||||
{
|
||||
String comment=cookie.getComment();
|
||||
boolean http_only=false;
|
||||
|
||||
if (comment!=null)
|
||||
{
|
||||
int i=comment.indexOf(HTTP_ONLY_COMMENT);
|
||||
if (i>=0)
|
||||
{
|
||||
http_only=true;
|
||||
comment=comment.substring(i,i+HTTP_ONLY_COMMENT.length()).trim();
|
||||
if (comment.length()==0)
|
||||
comment=null;
|
||||
}
|
||||
}
|
||||
_connection.getResponseFields().addSetCookie(cookie.getName(),
|
||||
cookie.getValue(),
|
||||
cookie.getDomain(),
|
||||
cookie.getPath(),
|
||||
cookie.getMaxAge(),
|
||||
cookie.getComment(),
|
||||
comment,
|
||||
cookie.getSecure(),
|
||||
false,//cookie.isHttpOnly(),
|
||||
http_only,// || cookie.isHttpOnly(),
|
||||
cookie.getVersion());
|
||||
}
|
||||
|
||||
|
|
|
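Review bot: In addCookie, `comment.substring(i,i+HTTP_ONLY_COMMENT.length())` selects the marker itself rather than removing it, so after this branch `comment` is always `__HTTP_ONLY__`, the caller's real comment text is discarded, and the `comment.length()==0` check can never be true. Wherever addSetCookie writes the comment out (not visible here, presumably for version 1 cookies), the client would receive the internal marker instead of the application's comment. Stripping the marker looks like the intent: `comment=comment.replace(HTTP_ONLY_COMMENT,"").trim();`. The `// || cookie.isHttpOnly()` left commented out on the `http_only` argument means the marker is the only way to get the flag, so a cookie marked through the Servlet 3.0 setter (if this branch compiles against it) would be sent without HttpOnly; the javadoc on HTTP_ONLY_COMMENT should say so and state that the marker is removed before the header is written.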
@ -29,6 +29,7 @@ import java.util.Map;
|
|||
|
||||
import javax.servlet.ServletContext;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSessionContext;
|
||||
|
@ -485,6 +486,24 @@ public class ResponseTest
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAddCookie() throws Exception
|
||||
{
|
||||
Response response = new Response(new TestHttpConnection(connector,new ByteArrayEndPoint(), connector.getServer()));
|
||||
|
||||
Cookie cookie=new Cookie("name","value");
|
||||
cookie.setDomain("domain");
|
||||
cookie.setPath("/path");
|
||||
cookie.setSecure(true);
|
||||
cookie.setComment("comment__HTTP_ONLY__");
|
||||
|
||||
response.addCookie(cookie);
|
||||
|
||||
String set = response.getHttpFields().getStringField("Set-Cookie");
|
||||
|
||||
assertEquals("name=value;Path=/path;Domain=domain;Secure;HttpOnly",set);
|
||||
}
|
||||
|
||||
private Response newResponse()
|
||||
{
|
||||
ByteArrayEndPoint endPoint = new ByteArrayEndPoint();
|
||||
|
|
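Review bot: testAddCookie does not check what remains of the comment once the marker is handled. The expected header `name=value;Path=/path;Domain=domain;Secure;HttpOnly` carries no Comment attribute, presumably because the cookie stays at version 0, so the test passes whatever addCookie does to the text around `__HTTP_ONLY__`. A second case with `cookie.setVersion(1);` should assert that the emitted comment is `comment` with the marker stripped. A negative case should assert that a cookie whose comment lacks the marker is sent without `HttpOnly`, so that a regression which sets the flag unconditionally, or never, is caught. newResponse() starts inside this hunk and continues outside it.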