# File lib/secure_headers/headers/cookie.rb, line 24
# Wraps a raw cookie string together with the cookie configuration.
#
# When the config is OPT_OUT it is kept untouched so the flag checks can
# bail out; otherwise a nil config becomes {} and is layered over
# COOKIE_DEFAULTS. The tracked attributes start as nil and are filled in
# by parse from whatever the raw cookie already carries.
def initialize(cookie, config)
  @raw_cookie = cookie
  @config = config == OPT_OUT ? config : COOKIE_DEFAULTS.merge(config || {})
  @attributes = { httponly: nil, samesite: nil, secure: nil }
  parse(cookie)
end
# File lib/secure_headers/headers/cookie.rb, line 11
# Delegates validation of a cookie config hash to CookiesConfig, which is
# expected to raise on an invalid configuration.
def validate_config!(config)
  validator = CookiesConfig.new(config)
  validator.validate!
end
# File lib/secure_headers/headers/cookie.rb, line 52
# True when the HttpOnly flag should be appended: the config asks for it
# (flag_cookie?, defined elsewhere) and the raw cookie does not already
# carry it.
def httponly?
  wanted = flag_cookie?(:httponly)
  wanted && !already_flagged?(:httponly)
end
# File lib/secure_headers/headers/cookie.rb, line 56
# True when a SameSite attribute should be appended: the samesite config
# applies to this cookie and the raw cookie has no SameSite attribute yet.
def samesite?
  wanted = flag_samesite?
  wanted && !already_flagged?(:samesite)
end
# File lib/secure_headers/headers/cookie.rb, line 48
# True when the Secure flag should be appended: the config asks for it
# (flag_cookie?, defined elsewhere) and the raw cookie does not already
# carry it.
def secure?
  wanted = flag_cookie?(:secure)
  wanted && !already_flagged?(:secure)
end
# File lib/secure_headers/headers/cookie.rb, line 40
# Renders the cookie with any missing security flags appended. The raw
# cookie is copied first so the string handed to initialize is never
# mutated; samesite_cookie (defined elsewhere) supplies the SameSite text.
def to_s
  rendered = @raw_cookie.dup
  rendered << "; secure" if secure?
  rendered << "; HttpOnly" if httponly?
  rendered << "; #{samesite_cookie}" if samesite?
  rendered
end
# File lib/secure_headers/headers/cookie.rb, line 66
# Whatever parse recorded for the attribute (true, a value string, or nil
# when the raw cookie did not carry it). Only truthiness matters to callers.
def already_flagged?(attribute)
  @attributes.fetch(attribute, nil)
end
# File lib/secure_headers/headers/cookie.rb, line 82
# Applies an :only / :except cookie-name filter to this cookie.
#
# :only wins when both are given: true if any listed name is present in
# parsed_cookie (defined elsewhere; presumably the raw cookie parsed into
# name => value pairs). With :except alone, true if none of the listed
# names is present. An empty or absent list never matches.
def conditionally_flag?(configuration)
  only = Array(configuration[:only])
  except = Array(configuration[:except])
  return true if only.any? && (only & parsed_cookie.keys).any?
  return true if except.any? && (except & parsed_cookie.keys).none?
  false
end
# File lib/secure_headers/headers/cookie.rb, line 100
# Whether any SameSite mode applies to this cookie. Opting out, either for
# cookies as a whole or for samesite specifically, short-circuits to false.
def flag_samesite?
  opted_out = config == OPT_OUT || config[:samesite] == OPT_OUT
  return false if opted_out
  flag_samesite_lax? || flag_samesite_strict?
end
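# File lib/secure_headers/headers/cookie.rb, line 113
# Decides whether SameSite=<mode> applies to this cookie, for mode :lax or
# :strict.
#
# config[:samesite] may be:
#   - falsy: returns nil (no SameSite attribute)
#   - true: shorthand for Lax on every cookie, so true for :lax and
#     false for :strict
#   - a Hash keyed by mode whose value is either true (always flag) or a
#     Hash of :only/:except cookie names handed to conditionally_flag?
def flag_samesite_enforcement?(mode)
  samesite = config[:samesite]
  return unless samesite
  # A bare `true` has no per-mode hash. Without this guard the :strict
  # lookup falls through to `true[mode]`, which raises NoMethodError.
  return mode == :lax if samesite.is_a?(TrueClass)
  case samesite[mode]
  when Hash
    conditionally_flag?(samesite[mode])
  when TrueClass
    true
  else
    false
  end
end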
# File lib/secure_headers/headers/cookie.rb, line 105
# Whether SameSite=Lax applies to this cookie; see flag_samesite_enforcement?.
def flag_samesite_lax?
  mode = :lax
  flag_samesite_enforcement?(mode)
end
# File lib/secure_headers/headers/cookie.rb, line 109
# Whether SameSite=Strict applies to this cookie; see flag_samesite_enforcement?.
def flag_samesite_strict?
  mode = :strict
  flag_samesite_enforcement?(mode)
end
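# File lib/secure_headers/headers/cookie.rb, line 130
# Records which of the tracked attributes (httponly, samesite, secure) the
# raw cookie already carries, so to_s does not append them a second time.
#
# Each `;`/`,`-separated segment is split into name and value; a tracked
# name with no `=value` is stored as true, otherwise the value string is
# kept. Empty segments (e.g. a doubled "; ") are skipped rather than
# raising inside CGI.unescape(nil), and only the known attribute keys are
# looked up so arbitrary segment names are never interned as symbols.
#
# @param cookie [String, nil] the raw cookie string; nil is a no-op
def parse(cookie)
  return unless cookie
  tracked = @attributes.keys
  cookie.split(/[;,]\s?/).each do |segment|
    name, value = segment.split("=", 2)
    next if name.nil?
    normalized = CGI.unescape(name).downcase
    attribute = tracked.find { |key| key.to_s == normalized }
    @attributes[attribute] = value || true if attribute
  end
end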