Add ability to set cookie without escaping

TODO: broken test Method resp:setcookie() implicitly escapes cookie values. Commit adds ability to set cookie without any escaping with option 'raw': resp:setcookie('name', 'value', { raw = true })` This change was added as a part of http v2 support in commit 'Added ability to set and get cookie without escaping' (42e3002) and later reverted in scope of ticket with discard v2. Follows up #126 Part of #134 broken
tarantool · Oct 26, 2021 · 24f90d4 · 24f90d4
1 parent 3fe62a5
commit 24f90d4
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -240,8 +240,9 @@ end
 * `resp.status` - HTTP response code.
 * `resp.headers` - a Lua table with normalized headers.
 * `resp.body` - response body (string|table|wrapped\_iterator).
-* `resp:setcookie({ name = 'name', value = 'value', path = '/', expires = '+1y', domain = 'example.com'))` -
-  adds `Set-Cookie` headers to `resp.headers`.
+* `resp:setcookie({ name = 'name', value = 'value', path = '/', expires = '+1y', domain = 'example.com'}, {raw = true})` -
+  adds `Set-Cookie` headers to `resp.headers`, if `raw` option was set then cookie will not be escaped,
+  otherwise cookie's value and path will be escaped
 
 ### Examples
 

diff --git a/http/server.lua b/http/server.lua
@@ -265,7 +265,8 @@ local function expires_str(str)
     return os.date(fmt, gmtnow + diff)
 end
 
-local function setcookie(resp, cookie)
+local function setcookie(resp, cookie, options)
+    options = options or {}
     local name = cookie.name
     local value = cookie.value
 

diff --git a/test/integration/http_server_requests_test.lua b/test/integration/http_server_requests_test.lua
@@ -261,6 +261,55 @@ pgroup.test_get_escaped_cookie = function(g)
     t.assert_equals(r.body, 'name=' .. str_non_escaped, 'body with escaped cookie')
 end
 
+-- Set escaped cookie (Günter -> G%C3%BCnter).
+pgroup.test_set_escaped_cookie = function(g)
+    local str_escaped = 'G%C3%BCnter'
+    local str_non_escaped = 'Günter'
+
+    local httpd = g.httpd
+    httpd:route({
+        path = '/cookie'
+    }, function(req)
+        local resp = req:render({
+            text = ''
+        })
+        resp:setcookie({
+            name = 'name',
+            value = str_non_escaped
+        })
+        return resp
+    end)
+
+    local r = http_client.get(helpers.base_uri .. '/cookie')
+    t.assert_equals(r.status, 200, 'response status')
+    t.assert_equals(r.headers['set-cookie'], 'name=' .. str_escaped, 'header with escaped cookie')
+end
+
+-- Set raw cookie (Günter -> Günter).
+pgroup.test_set_raw_cookie = function(g)
+    t.skip('Broken')
+    local cookie = 'Günter'
+    local httpd = g.httpd
+    httpd:route({
+        path = '/cookie'
+    }, function(req)
+        local resp = req:render({
+            text = ''
+        })
+        resp:setcookie({
+            name = 'name',
+            value = cookie
+        }, {
+            raw = true
+        })
+        return resp
+    end)
+
+    local r = http_client.get(helpers.base_uri .. '/cookie')
+    t.assert_equals(r.status, 200, 'response status')
+    t.assert_equals(r.headers['set-cookie'], 'name=' .. cookie, 'header with raw cookie')
+end
+
 -- Request object methods.
 pgroup.test_request_object_methods = function(g)
     local httpd = g.httpd