On 2/8/20 2:14 AM, cove...@apache.org wrote:
> Author: covener
> Date: Sat Feb 8 01:14:28 2020
> New Revision: 1873762
>
> URL: http://svn.apache.org/viewvc?rev=1873762&view=rev
> Log:
> add SameSite to RewriteRule ... ... [CO]
>
>
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/docs/manual/mod/mod_rewrite.xml
> httpd/httpd/trunk/docs/manual/rewrite/flags.xml
> httpd/httpd/trunk/modules/mappers/mod_rewrite.c
>
> Modified: httpd/httpd/trunk/modules/mappers/mod_rewrite.c
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?rev=1873762&r1=1873761&r2=1873762&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/mappers/mod_rewrite.c (original)
> +++ httpd/httpd/trunk/modules/mappers/mod_rewrite.c Sat Feb 8 01:14:28 2020
> @@ -2654,6 +2656,11 @@ static void add_cookie(request_rec *r, c
> "; HttpOnly" : NULL,
> NULL);
>
> + if (samesite && !strcasecmp(samesite, "0")) {
Doesn't it need to be strcmp(samesite, "0") instead of !strcasecmp(samesite,
"0") ?
I mean the above will set samesite to '0' in the cookie if samesite is '0'.
> + cookie = apr_pstrcat(rmain->pool, cookie, "; SameSite=",
> + samesite, NULL);
> + }
> +
Any particular reason why we don't accept 'false' in a case insensitive way
along with 0 as the flag
not being set? This would be inline with the other flags.
I think the second apr_pstrcat can waste some memory as we nearly need the
memory for the cookie twice in case samesite is set.
Is it worth converting both apr_pstrcat sections to fill an iovec struct and
doing one apr_pstrcatv afterwards?
Regards
RĂ¼diger
