This is an automated email from the ASF dual-hosted git repository. gancho pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push: new 965bd1d access_control: changes after 1st integration 965bd1d is described below commit 965bd1d1e0bff79e057fec88f21e6acabaf1772d Author: Gancho Tenev <gan...@apache.org> AuthorDate: Mon Nov 5 11:35:56 2018 -0800 access_control: changes after 1st integration - allow multiple set-cookie headers in the response - associate the cookie with path=/ (needed by all known use-cases). --- plugins/experimental/access_control/headers.cc | 6 +++--- plugins/experimental/access_control/headers.h | 2 +- plugins/experimental/access_control/plugin.cc | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/plugins/experimental/access_control/headers.cc b/plugins/experimental/access_control/headers.cc index 2bb70bb..fda3a74 100644 --- a/plugins/experimental/access_control/headers.cc +++ b/plugins/experimental/access_control/headers.cc @@ -133,7 +133,7 @@ getHeader(TSMBuffer bufp, TSMLoc hdrLoc, const char *header, int headerlen, char * @return true - OK, false - failed */ bool -setHeader(TSMBuffer bufp, TSMLoc hdrLoc, const char *header, int headerlen, const char *value, int valuelen) +setHeader(TSMBuffer bufp, TSMLoc hdrLoc, const char *header, int headerlen, const char *value, int valuelen, bool duplicateOk) { if (!bufp || !hdrLoc || !header || headerlen <= 0 || !value || valuelen <= 0) { return false; @@ -142,8 +142,8 @@ setHeader(TSMBuffer bufp, TSMLoc hdrLoc, const char *header, int headerlen, cons bool ret = false; TSMLoc fieldLoc = TSMimeHdrFieldFind(bufp, hdrLoc, header, headerlen); - if (!fieldLoc) { - // No existing header, so create one + if (!fieldLoc || duplicateOk) { + // No existing header or duplicates ok, so create one if (TS_SUCCESS == TSMimeHdrFieldCreateNamed(bufp, hdrLoc, header, headerlen, &fieldLoc)) { if (TS_SUCCESS == TSMimeHdrFieldValueStringSet(bufp, hdrLoc, fieldLoc, -1, value, valuelen)) { TSMimeHdrFieldAppend(bufp, hdrLoc, fieldLoc); diff --git a/plugins/experimental/access_control/headers.h b/plugins/experimental/access_control/headers.h index d3ad443..bd45e30 100644 --- a/plugins/experimental/access_control/headers.h +++ b/plugins/experimental/access_control/headers.h @@ -28,5 +28,5 @@ int removeHeader(TSMBuffer bufp, TSMLoc hdr_loc, const char *header, int len); bool headerExist(TSMBuffer bufp, TSMLoc hdr_loc, const char *header, int len); char *getHeader(TSMBuffer bufp, TSMLoc hdr_loc, const char *header, int headerlen, char *value, int *valuelen); -bool setHeader(TSMBuffer bufp, TSMLoc hdr_loc, const char *header, int len, const char *val, int val_len); +bool setHeader(TSMBuffer bufp, TSMLoc hdr_loc, const char *header, int len, const char *val, int val_len, bool duplicateOk = false); void dumpHeaders(TSMBuffer bufp, TSMLoc hdr_loc); diff --git a/plugins/experimental/access_control/plugin.cc b/plugins/experimental/access_control/plugin.cc index 10d3852..bcc68f9 100644 --- a/plugins/experimental/access_control/plugin.cc +++ b/plugins/experimental/access_control/plugin.cc @@ -385,11 +385,11 @@ contHandleAccessControl(const TSCont contp, TSEvent event, void *edata) * a secure channel, typically HTTP over Transport Layer Security (TLS) * HttpOnly - instructs the UA to omit the cookie when providing access to cookies via “non-HTTP” APIs such as a web * browser API that exposes cookies to scripts */ - cookieValue.append("Secure; HttpOnly"); + cookieValue.append("path=/; Secure; HttpOnly"); AccessControlDebug("%.*s: %s", TS_MIME_LEN_SET_COOKIE, TS_MIME_FIELD_SET_COOKIE, cookieValue.c_str()); setHeader(clientRespBufp, clientRespHdrLoc, TS_MIME_FIELD_SET_COOKIE, TS_MIME_LEN_SET_COOKIE, cookieValue.c_str(), - cookieValue.size()); + cookieValue.size(), /* duplicateOk = */ true); delete token; } else {