On 12/11/10 05:28 PM, Adam Prime wrote:
>> All looks good. Waiting for someone with more legal knowledge than I to
>> confirm that we can re-use the patch, and I'll commit to trunk.
>>
>> We may also want to do a release. With the small amount of development,
>> it could be years until this sees the light of day if we wait to package
>> more stuff into it :) 2.12 was released March, 2009, so I'd like to
>> call a vote to T&R 2.13.
>>
>> [ ] Release 2.13 with the new HttpOnly cookie feature (once committed)
>> [ ] Don't release 2.13 yet
>>
>
> I have tests for the perl interface at home. I can send that patch later
> this evening. I don't have a vote, but i'd vote for getting it out ;)
The perl test is attached. One thing that should be noted about both
these tests is that they only test HttpOnly on the outgoing Set-Cookie:
header. From what i read, HttpOnly shouldn't exist on Cookie: headers
coming from the client, and the patch from debian does not add support
for parsing them out of Cookie: headers. I think known though, but i
just wanted to make sure it was pointed out explicitly.
Adam
Index: glue/perl/t/apreq/cookie.t
===================================================================
--- glue/perl/t/apreq/cookie.t (revision 1032832)
+++ glue/perl/t/apreq/cookie.t (working copy)
@@ -6,7 +6,7 @@
use Apache::TestUtil;
use Apache::TestRequest qw(GET_BODY GET_HEAD);
-plan tests => 14, need_min_module_version('Apache::Test' => 1.29) || need_lwp;
+plan tests => 15, need_min_module_version('Apache::Test' => 1.29) || need_lwp;
my $module = "TestApReq::cookie";
my $location = Apache::TestRequest::module2url($module);
@@ -168,3 +168,15 @@
my $str = GET_BODY("$location?test=$test", Cookie => $cookie);
ok t_cmp($str, $value, $test);
}
+{
+ my $test = 'httponly';
+ my $key = 'apache';
+ my $value = 'ok';
+ my $cookie = "$key=$value; HttpOnly";
+ my ($header) =
+ GET_HEAD("$location?test=$test&key=$key") =~ /^#Set-Cookie:\s+(.+)/m;
+
+ ok t_cmp($header, $cookie_in, $test);
+
+}
+
Index: glue/perl/t/response/TestApReq/cookie.pm
===================================================================
--- glue/perl/t/response/TestApReq/cookie.pm (revision 1032832)
+++ glue/perl/t/response/TestApReq/cookie.pm (working copy)
@@ -68,6 +68,10 @@
$cookie->version(1);
$cookie->bake2($req);
}
+ elsif ($test eq 'httponly'){
+ $cookie->httponly(1);
+ $cookie->bake($req);
+ }
$r->print($cookie->value);
}
Index: glue/perl/lib/Apache2/Cookie.pm
===================================================================
--- glue/perl/lib/Apache2/Cookie.pm (revision 1032832)
+++ glue/perl/lib/Apache2/Cookie.pm (working copy)
@@ -436,6 +436,20 @@
+=head2 httponly
+
+ $cookie->httponly()
+ $cookie->httponly($set)
+
+Get or set the HttpOnly flag for the cookie:
+
+ $cookie->httponly(1);
+ $is_HttpOnly = $cookie->httponly;
+ $cookie->httponly(0);
+
+
+
+
=head2 comment
$cookie->comment()
