webmcp
view framework/env/request/set_cookie.lua @ 491:7a7770297ae8
Fixed error in error handling when catching illegal static path
| author | jbe | 
|---|---|
| date | Tue Jun 27 15:38:24 2017 +0200 (2017-06-27) | 
| parents | b4b6e1fc74e8 | 
| children | a0f1a4e76556 | 
 line source
     1 --[[--
     2 request.set_cookie{
     3   name   = name,     -- name of cookie
     4   value  = value,    -- value of cookie
     5   domain = domain,   -- optional domain domain where cookie is transmitted
     6   path   = path,     -- optional path where cookie is transmitted, defaults to application base
     7   secure = secure    -- optional boolean, indicating if cookie should only be transmitted over HTTPS
     8 }
    10 This function is similar to rocketwiki.set_cookie{...}, except that it automatically sets the path to the application base. It also sets secure=true, if the secure option is unset and the application base URL starts with "https://".
    12 --]]--
    14 function request.set_cookie(args)
    15   local args = table.new(args)
    16   if not args.path then
    17     args.path = string.match(
    18       request.get_absolute_baseurl(),
    19       "://[^/]*(.*)"
    20     )
    21     if args.path == nil then
    22       args.path = "/"
    23     end
    24   end
    25   if args.secure == nil then
    26     if string.find(
    27       string.lower(request.get_absolute_baseurl()),
    28       "^https://"
    29     ) then
    30       args.secure = true
    31     else
    32       args.secure = false
    33     end
    34   end
    35   assert(string.find(args.name, "^[0-9A-Za-z%%._~-]+$"), "Illegal cookie name")
    36   assert(string.find(args.value, "^[0-9A-Za-z%%._~-]+$"), "Illegal cookie value")
    37   local parts = {args.name .. "=" .. args.value}
    38   if args.domain then
    39     assert(
    40       string.find(args.path, "^[0-9A-Za-z%%/._~-]+$"),
    41       "Illegal cookie domain"
    42     )
    43     parts[#parts+1] = "domain=" .. args.domain
    44   end
    45   if args.path then
    46     assert(
    47       string.find(args.path, "^[0-9A-Za-z%%/._~-]+$"),
    48       "Illegal cookie path"
    49     )
    50     parts[#parts+1] = "path=" .. args.path
    51   end
    52   if args.secure then
    53     parts[#parts+1] = "secure"
    54   end
    55   request.add_header("Set-Cookie", table.concat(parts, "; "))
    56 end
