Change default http_cookie behaviour.

We now default to httponly & secure for newly created cookies. This should've been the default all along. The http_response_cookie() no longer returns a pointer to http_cookie but rather takes it as a parameter and will populate the pointer with the newly created http_cookie if not NULL. Additionally http_response_cookie() automatically sets the domain based on the http_request passed into the function.
2017-03-10 14:20:40 +01:00 · 2017-03-10 14:20:40 +01:00 · 3d24b65268
parent c87a9286b4
commit 3d24b65268
3 changed files with 14 additions and 15 deletions
--- a/examples/cookies/src/cookies.c
+++ b/examples/cookies/src/cookies.c
@ -37,14 +37,12 @@ serve_cookies(struct http_request *req)
 		kore_log(LOG_DEBUG, "Got formatted: %s", value);

 	/* set simple cookie */
-	http_response_cookie(req, "Simple", "Hello World!", 0);
+	http_response_cookie(req, "Simple", "Hello World!", NULL);

 	/* set complex cookie */
-	cookie = http_response_cookie(req, "Complex", "Secure Value!",
-	    HTTP_COOKIE_HTTPONLY | HTTP_COOKIE_SECURE);
-	cookie ->path = kore_strdup("/secure");
+	http_response_cookie(req, "Complex", "Secure Value!", &cookie);
+	cookie->path = kore_strdup("/secure");
 	cookie->expires = time(NULL) + 1 * 60 * 60;
-	cookie->domain = kore_strdup(req->host);

 	/* set formatted cookie */
 	http_response_header(req, "set-cookie",
--- a/includes/http.h
+++ b/includes/http.h
@ -259,17 +259,17 @@ void		http_response_stream(struct http_request *, int, void *,
 		    size_t, int (*cb)(struct netbuf *), void *);
 int		http_request_header(struct http_request *,
 		    const char *, char **);
-int 	http_request_cookie(struct http_request *,
-			const char *, char **);
 void		http_response_header(struct http_request *,
 		    const char *, const char *);
-struct http_cookie	*http_response_cookie(struct http_request *, 
-			char *, char *, u_int16_t);
 int		http_request_new(struct connection *, const char *,
 		    const char *, const char *, const char *,
 		    struct http_request **);
 int		http_state_run(struct http_state *, u_int8_t,
 		    struct http_request *);
+int	 	http_request_cookie(struct http_request *,
+		    const char *, char **);
+void		http_response_cookie(struct http_request *,
+		    const char *, const char *, struct http_cookie **);

 int		http_argument_urldecode(char *);
 int		http_header_recv(struct netbuf *);
--- a/src/http.c
+++ b/src/http.c
@ -1017,9 +1017,9 @@ http_file_rewind(struct http_file *file)
 	file->offset = 0;
 }

-struct http_cookie *
-http_response_cookie(struct http_request *req, char *name, char *val,
-    u_int16_t flags)
+void
+http_response_cookie(struct http_request *req, const char *name,
+    const char *val, struct http_cookie **out)
 {
 	struct http_cookie	*ck;

@ -1031,14 +1031,15 @@ http_response_cookie(struct http_request *req, char *name, char *val,
 	ck->expires = 0;
 	ck->maxage = -1;
 	ck->path = NULL;
-	ck->domain = NULL;
-	ck->flags = flags;
 	ck->name = kore_strdup(name);
 	ck->value = kore_strdup(val);
+	ck->domain = kore_strdup(req->host);
+	ck->flags = HTTP_COOKIE_HTTPONLY | HTTP_COOKIE_SECURE;

 	TAILQ_INSERT_TAIL(&(req->resp_cookies), ck, list);

-	return (ck);
+	if (out != NULL)
+		*out = ck;
 }

 void