rev |
line source |
jbe/bsw@16
|
1 --[[--
|
jbe/bsw@16
|
2 request.set_cookie{
|
jbe@551
|
3 name = name, -- name of cookie
|
jbe@551
|
4 value = value, -- value of cookie
|
jbe@551
|
5 domain = domain, -- optional domain where cookie is transmitted
|
jbe@551
|
6 path = path, -- optional path where cookie is transmitted, defaults to application base
|
jbe@551
|
7 secure = secure, -- optional boolean, indicating if cookie should only be transmitted over HTTPS
|
jbe@551
|
8 samesite = samesite -- SameSite policy set to "strict", "lax", or "none" (all lower-case, defaults to "lax")
|
jbe/bsw@16
|
9 }
|
jbe/bsw@16
|
10
|
jbe/bsw@16
|
11 This function is similar to rocketwiki.set_cookie{...}, except that it automatically sets the path to the application base. It also sets secure=true, if the secure option is unset and the application base URL starts with "https://".
|
jbe/bsw@16
|
12
|
jbe/bsw@16
|
13 --]]--
|
jbe/bsw@16
|
14
|
jbe/bsw@16
|
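-- Builds a Set-Cookie header from args and queues it via request.add_header.
--
-- args.name     cookie name (required)
-- args.value    cookie value (required)
-- args.domain   optional Domain attribute
-- args.path     optional Path attribute; derived from the absolute base URL
--               when unset
-- args.secure   optional boolean; when nil it is derived from the scheme of
--               the absolute base URL
-- args.samesite "strict", "lax" or "none"; nil is treated as "lax"
--
-- Raises an error when name, value, domain or path contain characters outside
-- the allowed sets, or when samesite has an unsupported value.
--
-- NOTE(review): no HttpOnly attribute is emitted here, so cookies set through
-- this function remain readable by page scripts.
function request.set_cookie(args)
  -- table.new is defined elsewhere; presumably it returns a copy so that the
  -- defaults filled in below do not leak into the caller's table -- confirm.
  local args = table.new(args)

  if not args.path then
    -- Everything after "scheme://host[:port]" of the base URL is the path.
    args.path = string.match(request.get_absolute_baseurl(), "://[^/]*(.*)")
    -- A base URL without any path component yields "" (not nil), which the
    -- path check below would reject; fall back to "/" in both cases.
    if args.path == nil or args.path == "" then
      args.path = "/"
    end
  end

  if args.secure == nil then
    -- Default to a secure cookie exactly when the application is served
    -- over HTTPS.
    local baseurl = string.lower(request.get_absolute_baseurl())
    args.secure = string.find(baseurl, "^https://") ~= nil
  end

  -- The whitelists below keep ";", ",", whitespace and CR/LF out of the
  -- header, so a caller-supplied field cannot append attributes or inject
  -- additional header lines.
  assert(string.find(args.name, "^[0-9A-Za-z%%._~-]+$"), "Illegal cookie name")
  assert(string.find(args.value, "^[0-9A-Za-z%%._~-]+$"), "Illegal cookie value")
  local parts = {args.name .. "=" .. args.value}

  if args.domain then
    -- Validate the domain itself. The previous check tested args.path here,
    -- so args.domain was concatenated into the header unvalidated.
    assert(
      string.find(args.domain, "^[0-9A-Za-z._-]+$"),
      "Illegal cookie domain"
    )
    parts[#parts+1] = "domain=" .. args.domain
  end

  if args.path then
    assert(
      string.find(args.path, "^[0-9A-Za-z%%/._~-]+$"),
      "Illegal cookie path"
    )
    parts[#parts+1] = "path=" .. args.path
  end

  if args.secure then
    parts[#parts+1] = "secure"
  end

  if args.samesite == "strict" then
    parts[#parts+1] = "SameSite=Strict"
  elseif args.samesite == "lax" or args.samesite == nil then
    parts[#parts+1] = "SameSite=Lax"
  elseif args.samesite == "none" then
    -- NOTE(review): current browsers discard SameSite=None cookies that lack
    -- the "secure" attribute; callers choosing "none" should make sure
    -- args.secure ends up true.
    parts[#parts+1] = "SameSite=None"
  else
    error("Cookie SameSite policy set to unsupported value")
  end

  request.add_header("Set-Cookie", table.concat(parts, "; "))
end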
|