webmcp

annotate framework/env/request/set_cookie.lua @ 556:c228db239964

find changesets by author, revision, files, or words in the commit message
Only treat tables without metatable as array
author jbe
date Tue Feb 18 18:15:42 2020 +0100 (2020-02-18)
parents a0f1a4e76556
children
rev   line source
jbe/bsw@16 1 --[[--
jbe/bsw@16 2 request.set_cookie{
jbe@551 3 name = name, -- name of cookie
jbe@551 4 value = value, -- value of cookie
jbe@551 5 domain = domain, -- optional domain domain where cookie is transmitted
jbe@551 6 path = path, -- optional path where cookie is transmitted, defaults to application base
jbe@551 7 secure = secure, -- optional boolean, indicating if cookie should only be transmitted over HTTPS
jbe@551 8 samesite = samesite -- SameSite policy set to "strict", "lax", or "none" (all lower-case, defaults to "lax")
jbe/bsw@16 9 }
jbe/bsw@16 10
jbe/bsw@16 11 This function is similar to rocketwiki.set_cookie{...}, except that it automatically sets the path to the application base. It also sets secure=true, if the secure option is unset and the application base URL starts with "https://".
jbe/bsw@16 12
jbe/bsw@16 13 --]]--
jbe/bsw@16 14
jbe/bsw@16 15 function request.set_cookie(args)
jbe@223 16 local args = table.new(args)
jbe@223 17 if not args.path then
jbe@223 18 args.path = string.match(
jbe/bsw@16 19 request.get_absolute_baseurl(),
jbe/bsw@16 20 "://[^/]*(.*)"
jbe/bsw@16 21 )
jbe@249 22 if args.path == nil then
jbe@249 23 args.path = "/"
jbe/bsw@16 24 end
jbe/bsw@16 25 end
jbe@223 26 if args.secure == nil then
jbe/bsw@16 27 if string.find(
jbe/bsw@16 28 string.lower(request.get_absolute_baseurl()),
jbe/bsw@16 29 "^https://"
jbe/bsw@16 30 ) then
jbe@223 31 args.secure = true
jbe/bsw@16 32 else
jbe@223 33 args.secure = false
jbe/bsw@16 34 end
jbe/bsw@16 35 end
jbe@223 36 assert(string.find(args.name, "^[0-9A-Za-z%%._~-]+$"), "Illegal cookie name")
jbe@223 37 assert(string.find(args.value, "^[0-9A-Za-z%%._~-]+$"), "Illegal cookie value")
jbe@223 38 local parts = {args.name .. "=" .. args.value}
jbe@223 39 if args.domain then
jbe@223 40 assert(
jbe@223 41 string.find(args.path, "^[0-9A-Za-z%%/._~-]+$"),
jbe@223 42 "Illegal cookie domain"
jbe@223 43 )
jbe@223 44 parts[#parts+1] = "domain=" .. args.domain
jbe@223 45 end
jbe@223 46 if args.path then
jbe@223 47 assert(
jbe@223 48 string.find(args.path, "^[0-9A-Za-z%%/._~-]+$"),
jbe@223 49 "Illegal cookie path"
jbe@223 50 )
jbe@223 51 parts[#parts+1] = "path=" .. args.path
jbe@223 52 end
jbe@223 53 if args.secure then
jbe@223 54 parts[#parts+1] = "secure"
jbe@223 55 end
jbe@551 56 if args.samesite == "strict" then
jbe@551 57 parts[#parts+1] = "SameSite=Strict"
jbe@551 58 elseif args.samesite == "lax" or args.samesite == nil then
jbe@551 59 parts[#parts+1] = "SameSite=Lax"
jbe@551 60 elseif args.samesite == "none" then
jbe@551 61 parts[#parts+1] = "SameSite=None"
jbe@551 62 else
jbe@551 63 error("Cookie SameSite policy set to unsupported value")
jbe@551 64 end
jbe@223 65 request.add_header("Set-Cookie", table.concat(parts, "; "))
jbe/bsw@16 66 end

Impressum / About Us