Added ability to set cookie without escaping. #126

Satbek · 2020-06-25T15:14:04Z

resp:setcookie implicitly escaped cookie values. Added ability to set cookie without any escaping resp:setcookie('name', 'value', {raw = true}).
Also added escaping for cookie path, and changed escaping algorithm according to https://tools.ietf.org/html/rfc6265.

Closes #114

printercu · 2020-06-25T16:11:24Z

http/utils.lua

+    return string.format('%%%02X', string.byte(char))
+end
+
+local function base_unescape(char)


is it base16_decode/encode?

printercu · 2020-06-25T16:13:50Z

http/router/response.lua

+    if options == nil then
+        options = {}
+    end
+    options = utils.extend({raw = false}, options, true)


I think this line is unnecessary, because if not {}.raw is the same as if not {raw = false}.raw.

what about options = options or {}?

printercu · 2020-06-25T16:21:46Z

test/unit/setcookie_test.lua

+    for case_name, case in pairs(test_table) do
+        local resp = get_object()
+        resp:setcookie({ name='name', value = case.value })
+        t.assert_equals(resp.headers['set-cookie'], {"name=" .. case.result}, case_name)


just a tip. such loops can be written in this way

local function assert_escaped_value(input, expected) ... end assert_escaped_value("f f", 'f%20f') assert_escaped_value('f"f', 'f%22f')

`resp:setcookie` implicitly escaped cookie values. Added ability to set cookie without any escaping `resp:setcookie('name', 'value', {raw = true})`. Also added escaping for cookie path, and changed escaping algorithm according to https://tools.ietf.org/html/rfc6265. `req:cookie` implicitly unescaped cookie values. Added ability to get cookie without unescaping `req:cookie('name', {raw = true})`.

TODO: add unit tests Method resp:setcookie() implicitly escapes cookie values. Commit adds ability to set cookie without any escaping with option 'raw': resp:setcookie('name', 'value', { raw = true })` Method req:cookie() implicitly unescapes cookie values. Commit adds ability to get cookie without unescaping: req:cookie('name', { raw = true }) Also added escaping of cookie path, and changed escaping algorithm according to [1]. These changes were added as a part of http v2 support in commit 'Added ability to set and get cookie without escaping' (42e3002) and later reverted in scope of ticket with discard v2. 1. https://tools.ietf.org/html/rfc6265 Follows up #126 Part of #134

TODO: server_requests.test_get_escaped_cookie is broken Method req:cookie() implicitly unescapes cookie values. Commit adds ability to get cookie without unescaping: req:cookie('name', { raw = true }) This change was added as a part of http v2 support in commit 'Added ability to set and get cookie without escaping' (42e3002) and later reverted in scope of ticket with discard v2. Follows up #126 Part of #134

TODO: broken test Method resp:setcookie() implicitly escapes cookie values. Commit adds ability to set cookie without any escaping with option 'raw': resp:setcookie('name', 'value', { raw = true })` This change was added as a part of http v2 support in commit 'Added ability to set and get cookie without escaping' (42e3002) and later reverted in scope of ticket with discard v2. Follows up #126 Part of #134 broken

TODO: server_requests.test_get_escaped_cookie is broken Method req:cookie() implicitly unescapes cookie values. Commit adds ability to get cookie without unescaping: req:cookie('name', { raw = true }) This change was added as a part of http v2 support in commit 'Added ability to set and get cookie without escaping' (42e3002) and later reverted in scope of ticket with discard v2. Follows up #126 Part of #134

TODO: broken test Method resp:setcookie() implicitly escapes cookie values. Commit adds ability to set cookie without any escaping with option 'raw': resp:setcookie('name', 'value', { raw = true })` This change was added as a part of http v2 support in commit 'Added ability to set and get cookie without escaping' (42e3002) and later reverted in scope of ticket with discard v2. Follows up #126 Part of #134 broken

TODO: server_requests.test_get_escaped_cookie is broken Method req:cookie() implicitly unescapes cookie values. Commit adds ability to get cookie without unescaping: req:cookie('name', { raw = true }) This change was added as a part of http v2 support in commit 'Added ability to set and get cookie without escaping' (42e3002) and later reverted in scope of ticket with discard v2. Follows up #126 Part of #134

TODO: broken test Method resp:setcookie() implicitly escapes cookie values. Commit adds ability to set cookie without any escaping with option 'raw': resp:setcookie('name', 'value', { raw = true })` This change was added as a part of http v2 support in commit 'Added ability to set and get cookie without escaping' (42e3002) and later reverted in scope of ticket with discard v2. Follows up #126 Part of #134 broken

Method req:cookie() implicitly unescapes cookie values. Commit adds ability to get cookie without unescaping: req:cookie('name', { raw = true }) This change was added as a part of http v2 support in commit 'Added ability to set and get cookie without escaping' (42e3002) and later reverted in scope of ticket with discard v2. Follows up #126 Part of #134

Method resp:setcookie() implicitly escapes cookie values. Commit adds ability to set cookie without any escaping with option 'raw': resp:setcookie('name', 'value', { raw = true })` Also added escaping for cookie path, and changed escaping algorithm according to RFC 6265 "HTTP State Management Mechanism", see [1]. This change was added as a part of http v2 support in commit 'Added ability to set and get cookie without escaping' (42e3002) and later reverted in scope of ticket with discard v2. 1. https://tools.ietf.org/html/rfc6265 Follows up #126 Part of #134