kore

An easy to use, scalable and secure web application framework for writing web APIs in C.

commit 3d24b652688bcb3346b413a3118fd231594b66b7
parent c87a9286b4aa0595542a0d0e849f0e984a3160fa
Author: Joris Vink <joris@coders.se>
Date:   Fri, 10 Mar 2017 14:20:40 +0100

Change default http_cookie behaviour.

We now default to httponly & secure for newly created cookies.

This should've been the default all along.

The http_response_cookie() no longer returns a pointer to http_cookie
but rather takes it as a parameter and will populate the pointer with
the newly created http_cookie if not NULL.

Additionally http_response_cookie() automatically sets the domain
based on the http_request passed into the function.

Diffstat:
examples/cookies/src/cookies.c | 8+++-----
includes/http.h | 8++++----
src/http.c | 13+++++++------
3 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/examples/cookies/src/cookies.c b/examples/cookies/src/cookies.c @@ -37,14 +37,12 @@ serve_cookies(struct http_request *req) kore_log(LOG_DEBUG, "Got formatted: %s", value); /* set simple cookie */ - http_response_cookie(req, "Simple", "Hello World!", 0); + http_response_cookie(req, "Simple", "Hello World!", NULL); /* set complex cookie */ - cookie = http_response_cookie(req, "Complex", "Secure Value!", - HTTP_COOKIE_HTTPONLY | HTTP_COOKIE_SECURE); - cookie ->path = kore_strdup("/secure"); + http_response_cookie(req, "Complex", "Secure Value!", &cookie); + cookie->path = kore_strdup("/secure"); cookie->expires = time(NULL) + 1 * 60 * 60; - cookie->domain = kore_strdup(req->host); /* set formatted cookie */ http_response_header(req, "set-cookie", diff --git a/includes/http.h b/includes/http.h @@ -259,17 +259,17 @@ void http_response_stream(struct http_request *, int, void *, size_t, int (*cb)(struct netbuf *), void *); int http_request_header(struct http_request *, const char *, char **); -int http_request_cookie(struct http_request *, - const char *, char **); void http_response_header(struct http_request *, const char *, const char *); -struct http_cookie *http_response_cookie(struct http_request *, - char *, char *, u_int16_t); int http_request_new(struct connection *, const char *, const char *, const char *, const char *, struct http_request **); int http_state_run(struct http_state *, u_int8_t, struct http_request *); +int http_request_cookie(struct http_request *, + const char *, char **); +void http_response_cookie(struct http_request *, + const char *, const char *, struct http_cookie **); int http_argument_urldecode(char *); int http_header_recv(struct netbuf *); diff --git a/src/http.c b/src/http.c 
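Review bot: The new `http_response_cookie()` prototype in includes/http.h says nothing about the defaults callers now get implicitly, and the definition in src/http.c has no comment either. I would add a comment above the prototype stating that every cookie is created with `HTTP_COOKIE_HTTPONLY | HTTP_COOKIE_SECURE` and a domain copied from the request, that the last argument may be NULL, and that a caller needing different flags must change them through the returned `struct http_cookie`. The comment should also say that the cookie stays linked on the request's `resp_cookies` list, so presumably the caller must not free it. Old call sites that passed a literal `0` as the flags argument still compile, because `0` converts to a null pointer, and they silently pick up the new defaults; a Secure cookie is not returned by browsers over plain HTTP, so this deserves a line in the upgrade notes.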
@@ -1017,9 +1017,9 @@ http_file_rewind(struct http_file *file) file->offset = 0; } -struct http_cookie * -http_response_cookie(struct http_request *req, char *name, char *val, - u_int16_t flags) +void +http_response_cookie(struct http_request *req, const char *name, + const char *val, struct http_cookie **out) { struct http_cookie *ck; @@ -1031,14 +1031,15 @@ http_response_cookie(struct http_request *req, char *name, char *val, ck->expires = 0; ck->maxage = -1; ck->path = NULL; - ck->domain = NULL; - ck->flags = flags; ck->name = kore_strdup(name); ck->value = kore_strdup(val); + ck->domain = kore_strdup(req->host); + ck->flags = HTTP_COOKIE_HTTPONLY | HTTP_COOKIE_SECURE; TAILQ_INSERT_TAIL(&(req->resp_cookies), ck, list); - return (ck); + if (out != NULL) + *out = ck; } void
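Review bot: `ck->domain = kore_strdup(req->host);` in the second src/http.c hunk gives every cookie a Domain attribute taken from a request-supplied value, which is a looser default than the `ck->domain = NULL` it replaces. A cookie without a Domain attribute is host-only, whereas one with Domain set is also sent to subdomains of that host; and if `req->host` holds the raw Host header, a value carrying a port does not domain-match and browsers would likely discard the cookie. I would keep `ck->domain = NULL;` as the default and let callers opt in through `out`, or at least strip any port and validate the host before copying it. Whether `req->host` can be NULL at this point, and how the response writer handles a NULL domain, is not visible here and should be checked; the function body starts in the previous hunk.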