lib/rack/utils.rb in rack-2.0.0.alpha vs lib/rack/utils.rb in rack-2.0.0.rc1
- old
+ new
@@ -246,17 +246,27 @@
# RFC 6265
expires = "; expires=" +
rfc2822(value[:expires].clone.gmtime) if value[:expires]
secure = "; secure" if value[:secure]
httponly = "; HttpOnly" if (value.key?(:httponly) ? value[:httponly] : value[:http_only])
- first_party = "; First-Party" if value[:first_party]
+ same_site =
+ case value[:same_site]
+ when false, nil
+ nil
+ when :lax, 'Lax', :Lax
+ '; SameSite=Lax'.freeze
+ when true, :strict, 'Strict', :Strict
+ '; SameSite=Strict'.freeze
+ else
+ raise ArgumentError, "Invalid SameSite value: #{value[:same_site].inspect}"
+ end
value = value[:value]
end
value = [value] unless Array === value
cookie = "#{escape(key)}=#{value.map { |v| escape v }.join('&')}#{domain}" \
- "#{path}#{max_age}#{expires}#{secure}#{httponly}#{first_party}"
+ "#{path}#{max_age}#{expires}#{secure}#{httponly}#{same_site}"
case header
when nil, ''
cookie
when String
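Review bot: A caller that still passes `:first_party` now gets a cookie with no cross-site restriction and no error, because the key is no longer read after this hunk. Since an unknown `:same_site` value already raises, the removed option could fail just as loudly, e.g. `raise ArgumentError, "first_party is no longer supported; use :same_site" if value.key?(:first_party)` next to the `same_site` assignment. The `case` also accepts `'Lax'` and `'Strict'` but not the lowercase strings, so `same_site: 'lax'` raises while `:lax` works. A comment such as `# accepts :lax/:strict, 'Lax'/'Strict', or true (=> Strict); anything else raises` would make that contract visible. The enclosing method starts and ends outside the hunk.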
@@ -549,10 +559,11 @@
424 => 'Failed Dependency',
426 => 'Upgrade Required',
428 => 'Precondition Required',
429 => 'Too Many Requests',
431 => 'Request Header Fields Too Large',
+ 451 => 'Unavailable for Legal Reasons',
500 => 'Internal Server Error',
501 => 'Not Implemented',
502 => 'Bad Gateway',
503 => 'Service Unavailable',
504 => 'Gateway Timeout',
@@ -595,8 +606,15 @@
clean.unshift '/' if parts.empty? || parts.first.empty?
::File.join(*clean)
end
module_function :clean_path_info
+
+ NULL_BYTE = "\0".freeze
+
+ def valid_path?(path)
+ path.valid_encoding? && !path.include?(NULL_BYTE)
+ end
+ module_function :valid_path?
end
end
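Review bot: `valid_path?` has no comment, and its name suggests more than it checks: it only rejects strings with an invalid encoding or an embedded NUL byte, and does nothing about `..` segments, which stay the job of `clean_path_info` above. I would add a comment saying so, e.g. `# Rejects invalid encodings and NUL bytes only; call it on the unescaped path and still pass that path through clean_path_info.` Whether callers apply it after unescaping cannot be seen from this hunk; if it is applied to the raw request path, an encoded `%00` would pass the check. A `nil` argument raises NoMethodError here, which is worth stating in the same comment if callers can pass one.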