On 12/11/10 05:28 PM, Adam Prime wrote: >> All looks good. Waiting for someone with more legal knowledge than I to >> confirm that we can re-use the patch, and I'll commit to trunk. >> >> We may also want to do a release. With the small amount of development, >> it could be years until this sees the light of day if we wait to package >> more stuff into it :) 2.12 was released March, 2009, so I'd like to >> call a vote to T&R 2.13. >> >> [ ] Release 2.13 with the new HttpOnly cookie feature (once committed) >> [ ] Don't release 2.13 yet >> > > I have tests for the perl interface at home. I can send that patch later > this evening. I don't have a vote, but i'd vote for getting it out ;)
The perl test is attached. One thing that should be noted about both these tests is that they only test HttpOnly on the outgoing Set-Cookie: header. From what i read, HttpOnly shouldn't exist on Cookie: headers coming from the client, and the patch from debian does not add support for parsing them out of Cookie: headers. I think known though, but i just wanted to make sure it was pointed out explicitly. Adam
Index: glue/perl/t/apreq/cookie.t =================================================================== --- glue/perl/t/apreq/cookie.t (revision 1032832) +++ glue/perl/t/apreq/cookie.t (working copy) @@ -6,7 +6,7 @@ use Apache::TestUtil; use Apache::TestRequest qw(GET_BODY GET_HEAD); -plan tests => 14, need_min_module_version('Apache::Test' => 1.29) || need_lwp; +plan tests => 15, need_min_module_version('Apache::Test' => 1.29) || need_lwp; my $module = "TestApReq::cookie"; my $location = Apache::TestRequest::module2url($module); @@ -168,3 +168,15 @@ my $str = GET_BODY("$location?test=$test", Cookie => $cookie); ok t_cmp($str, $value, $test); } +{ + my $test = 'httponly'; + my $key = 'apache'; + my $value = 'ok'; + my $cookie = "$key=$value; HttpOnly"; + my ($header) = + GET_HEAD("$location?test=$test&key=$key") =~ /^#Set-Cookie:\s+(.+)/m; + + ok t_cmp($header, $cookie_in, $test); + +} + Index: glue/perl/t/response/TestApReq/cookie.pm =================================================================== --- glue/perl/t/response/TestApReq/cookie.pm (revision 1032832) +++ glue/perl/t/response/TestApReq/cookie.pm (working copy) @@ -68,6 +68,10 @@ $cookie->version(1); $cookie->bake2($req); } + elsif ($test eq 'httponly'){ + $cookie->httponly(1); + $cookie->bake($req); + } $r->print($cookie->value); } Index: glue/perl/lib/Apache2/Cookie.pm =================================================================== --- glue/perl/lib/Apache2/Cookie.pm (revision 1032832) +++ glue/perl/lib/Apache2/Cookie.pm (working copy) @@ -436,6 +436,20 @@ +=head2 httponly + + $cookie->httponly() + $cookie->httponly($set) + +Get or set the HttpOnly flag for the cookie: + + $cookie->httponly(1); + $is_HttpOnly = $cookie->httponly; + $cookie->httponly(0); + + + + =head2 comment $cookie->comment()