forks
/
arsd
mirror of https://github.com/adamdruppe/arsd.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

initial samesite cookie thing to match newer spec

This commit is contained in:
Adam D. Ruppe 2021-01-11 19:56:43 -05:00
parent ff3bce215b
commit 86c76a39bb
1 changed files with 33 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
cgi.d
View File

@ -2104,11 +2104,26 @@ class Cgi {
private bool publicCaching = false; private bool publicCaching = false;
*/ */
/// Sets an HTTP cookie, automatically encoding the data to the correct string. /++
/// expiresIn is how many milliseconds in the future the cookie will expire. History:
/// TIP: to make a cookie accessible from subdomains, set the domain to .yourdomain.com. Added January 11, 2021
/// Note setCookie() must be called *before* you write() any data to the output. +/
void setCookie(string name, string data, long expiresIn = 0, string path = null, string domain = null, bool httpOnly = false, bool secure = false) { enum SameSitePolicy {
Lax,
Strict,
None
}
/+
Sets an HTTP cookie, automatically encoding the data to the correct string.
expiresIn is how many milliseconds in the future the cookie will expire.
TIP: to make a cookie accessible from subdomains, set the domain to .yourdomain.com.
Note setCookie() must be called *before* you write() any data to the output.
History:
Parameter `sameSitePolicy` was added on January 11, 2021.
+/
void setCookie(string name, string data, long expiresIn = 0, string path = null, string domain = null, bool httpOnly = false, bool secure = false, SameSitePolicy sameSitePolicy = SameSitePolicy.Lax) {
assert(!outputtedResponseData); assert(!outputtedResponseData);
string cookie = std.uri.encodeComponent(name) ~ "="; string cookie = std.uri.encodeComponent(name) ~ "=";
cookie ~= std.uri.encodeComponent(data); cookie ~= std.uri.encodeComponent(data);
@ -2123,6 +2138,18 @@ class Cgi {
cookie ~= "; Secure"; cookie ~= "; Secure";
if(httpOnly == true ) if(httpOnly == true )
cookie ~= "; HttpOnly"; cookie ~= "; HttpOnly";
final switch(sameSitePolicy) {
case SameSitePolicy.Lax:
cookie ~= "; SameSite=Lax";
break;
case SameSitePolicy.Strict:
cookie ~= "; SameSite=Strict";
break;
case SameSitePolicy.None:
cookie ~= "; SameSite=None";
assert(secure); // cookie spec requires this now, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
break;
}
if(auto idx = name in cookieIndexes) { if(auto idx = name in cookieIndexes) {
responseCookies[*idx] = cookie; responseCookies[*idx] = cookie;
@ -3491,6 +3518,7 @@ struct RequestServer {
private int privDropUserId; private int privDropUserId;
private int privDropGroupId; private int privDropGroupId;
// Added Jan 11, 2021
private void dropPrivs() { private void dropPrivs() {
version(Posix) { version(Posix) {
import core.sys.posix.unistd; import core.sys.posix.unistd;