commit 3d24b652688bcb3346b413a3118fd231594b66b7
parent c87a9286b4aa0595542a0d0e849f0e984a3160fa
Author: Joris Vink <joris@coders.se>
Date: Fri, 10 Mar 2017 14:20:40 +0100
Change default http_cookie behaviour.
We now default to httponly & secure for newly created cookies.
This should've been the default all along.
The http_response_cookie() no longer returns a pointer to http_cookie
but rather takes it as a parameter and will populate the pointer with
the newly created http_cookie if not NULL.
Additionally http_response_cookie() automatically sets the domain
based on the http_request passed into the function.
Diffstat:
3 files changed, 14 insertions(+), 15 deletions(-)
diff --git a/examples/cookies/src/cookies.c b/examples/cookies/src/cookies.c
@@ -37,14 +37,12 @@ serve_cookies(struct http_request *req)
kore_log(LOG_DEBUG, "Got formatted: %s", value);
/* set simple cookie */
- http_response_cookie(req, "Simple", "Hello World!", 0);
+ http_response_cookie(req, "Simple", "Hello World!", NULL);
/* set complex cookie */
- cookie = http_response_cookie(req, "Complex", "Secure Value!",
- HTTP_COOKIE_HTTPONLY | HTTP_COOKIE_SECURE);
- cookie ->path = kore_strdup("/secure");
+ http_response_cookie(req, "Complex", "Secure Value!", &cookie);
+ cookie->path = kore_strdup("/secure");
cookie->expires = time(NULL) + 1 * 60 * 60;
- cookie->domain = kore_strdup(req->host);
/* set formatted cookie */
http_response_header(req, "set-cookie",
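Review bot: The formatted cookie at the end of this hunk is still sent with `http_response_header(req, "set-cookie", ...)`, so it does not pass through http_response_cookie(). It would only carry the new httponly/secure defaults if the formatted string itself includes those attributes, and that string is not visible here. Because this file is the reference example, the comment could say so, e.g. `/* set formatted cookie (raw header: HttpOnly/Secure must be added by hand) */`. The call continues past the end of the hunk, and serve_cookies() starts and ends outside it.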
diff --git a/includes/http.h b/includes/http.h
@@ -259,17 +259,17 @@ void http_response_stream(struct http_request *, int, void *,
size_t, int (*cb)(struct netbuf *), void *);
int http_request_header(struct http_request *,
const char *, char **);
-int http_request_cookie(struct http_request *,
- const char *, char **);
void http_response_header(struct http_request *,
const char *, const char *);
-struct http_cookie *http_response_cookie(struct http_request *,
- char *, char *, u_int16_t);
int http_request_new(struct connection *, const char *,
const char *, const char *, const char *,
struct http_request **);
int http_state_run(struct http_state *, u_int8_t,
struct http_request *);
+int http_request_cookie(struct http_request *,
+ const char *, char **);
+void http_response_cookie(struct http_request *,
+ const char *, const char *, struct http_cookie **);
int http_argument_urldecode(char *);
int http_header_recv(struct netbuf *);
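Review bot: Callers written against the old prototype that pass a non-zero flags value as the fourth argument now hand an integer to a `struct http_cookie **` parameter. Depending on compiler and warning flags this may build with only a diagnostic, and the `*out = ck` store in src/http.c would then write through a bogus pointer. Callers that passed `0` compile cleanly and silently get the new secure defaults, which is the safe direction. A comment next to the prototype would make the break visible: `/* last argument is an optional out pointer (may be NULL), not a flags value */`.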
diff --git a/src/http.c b/src/http.c
@@ -1017,9 +1017,9 @@ http_file_rewind(struct http_file *file)
file->offset = 0;
}
-struct http_cookie *
-http_response_cookie(struct http_request *req, char *name, char *val,
- u_int16_t flags)
+void
+http_response_cookie(struct http_request *req, const char *name,
+ const char *val, struct http_cookie **out)
{
struct http_cookie *ck;
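Review bot: The new signature has no comment describing its contract, and the defaults it applies are no longer visible at the call site. A short comment above the definition would help: `/* Queue a response cookie, created with HTTP_COOKIE_HTTPONLY | HTTP_COOKIE_SECURE and domain copied from req->host; if out is not NULL it receives the cookie. */` It should also say that a caller who needs a cookie without one of those flags has to clear it through `out`. The function body continues outside this hunk.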
@@ -1031,14 +1031,15 @@ http_response_cookie(struct http_request *req, char *name, char *val,
ck->expires = 0;
ck->maxage = -1;
ck->path = NULL;
- ck->domain = NULL;
- ck->flags = flags;
ck->name = kore_strdup(name);
ck->value = kore_strdup(val);
+ ck->domain = kore_strdup(req->host);
+ ck->flags = HTTP_COOKIE_HTTPONLY | HTTP_COOKIE_SECURE;
TAILQ_INSERT_TAIL(&(req->resp_cookies), ck, list);
- return (ck);
+ if (out != NULL)
+ *out = ck;
}
void
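Review bot: `ck->domain = kore_strdup(req->host);` makes every cookie carry a Domain attribute, and a cookie with Domain set is sent to subdomains of that host as well, whereas a cookie without it stays host-only. The flags become stricter, but the default scope becomes wider. The value also appears to come from the request's host field, which is presumably client-supplied and may include a port that is not valid in a Domain attribute; this should be confirmed against where `req->host` is filled in. Consider keeping `ck->domain = NULL;` as the default and letting callers opt in through `out`. The allocation of `ck` sits above this hunk and is not visible here.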