Refactor Set-Cookie/Cookie header parsing to follow RFC6265

RFC6265 obsoletes RFC2965 and RFC2109. #setcookie{} and #cookie{} are changed to reflect this new RFC. So, yaws_api:parse_set_cookie/1 and yaws_api:parse_cookie/1 are refactored accordingly: * yaws_api:parse_set_cookie/1: Because RFC2109 and RFC2965 are still used, we try to be backward compatible with these old RFCs. So this function returns a #setcookie{} record when only one cookie is found else it returns a list of #setcookie{} records. in RFC2109 and RFC2965, cookies are separated by comma. So, comma is forbidden in 'path-av' and 'extension-av' except for double-quoted value. The parsing are not really strict because of the compatibility and can lead to unwanted behaviors. Old attributes (like 'Comment' or 'Port') are still parsed and can be found into #setcookie.extensions field. * yaws_api:parse_cookie/1: This function follows the RFC6265, so all cookie attributes (like '$Domain' or '$Path') are parsed like any other cookie.
GokulEvuri · Jul 10, 2012 · ba07506 · ba07506
1 parent a721cfc
commit ba07506
Show file tree

Hide file tree

Showing 6 changed files with 718 additions and 372 deletions.
diff --git a/include/yaws_api.hrl b/include/yaws_api.hrl
@@ -87,30 +87,21 @@
          querypart = []}).
 
 
--record(setcookie,{
-            key,
-            value,
-            quoted = false,
-            comment,
-            comment_url,
-            discard = false,
-            domain,
-            max_age,
-            expires,
-            path,
-            port,
-            secure = false,
-            version}).
-
-
--record(cookie,{
-            key,
-            value,
-            quoted = false,
-            version = "0",
-            domain,
-            path,
-            port}).
+-record(setcookie, {key,
+                    value,
+                    quoted = false,
+                    domain,
+                    max_age,
+                    expires,
+                    path,
+                    secure = false,
+                    http_only = false,
+                    extensions = []}).
+
+
+-record(cookie, {key,
+                 value,
+                 quoted = false}).
 
 
 -record(redir_self, {

diff --git a/man/yaws_api.5 b/man/yaws_api.5
@@ -140,64 +140,56 @@ is returned as a string.
 
 .TP
 \fBparse_set_cookie(Str)\fR
-This function parses the value of a \fBSet-Cookie\fR header. Because multiple
-cookies can be set in a single \fBSet-Cookie\fR header, this function returns a
-list of \fI#setcookie{}\fR records. If no cookie was found or if an error
-occurred, it returns [].
+This function parses the value of a \fBSet-Cookie\fR header, following the
+RFC6265. Because old RFCs (2109 and 2965) are still used, it is backward
+compatible. So this function returns a \fI#setcookie{}\fR record when only one
+cookie is found. If multiple cookies are set in a single \fBSet-Cookie\fR
+header, it returns a list of \fI#setcookie{}\fR records. If no cookie was found
+or if an error occurred, it returns [].
 
 \fI#setcookie{}\fR record is defined in \fIyaws_api.hrl\fR:
 \fI
 .nf
 
--record(setcookie, {
-          key,
-          value,
-          quoted = false,
-          comment,
-          comment_url,
-          discard = false,
-          domain,
-          max_age,
-          expires,
-          path,
-          port,
-          secure = false,
-          version
-         }).
+-record(setcookie, {key,
+                    value,
+                    quoted = false,
+                    domain,
+                    max_age,
+                    expires,
+                    path,
+                    secure = false,
+                    http_only = false,
+                    extensions = []}).
 .fi
 \fR
 
 .TP
 \fBparse_cookie(Str)\fR
-This function does the same thing than \fBparse_set_cookie/1\fR but for the
-value of a \fBCookie\fR header. It returns a list of \fI#cookie{}\fR records. If
-no cookie was found or if an error occurred, it returns [].
+
+This function parses the value of \fBCookie\fR header, following the RFC6265. It
+returns a list of \fI#cookie{}\fR records. If no cookie was found or if an error
+occurred, it returns [].
 
 \fI#cookie{}\fR record is defined in \fIyaws_api.hrl\fR:
 \fI
 .nf
 
--record(cookie, {
-          key,
-          value,
-          quoted = false,
-          version = "0",
-          domain,
-          path,
-          port}).
-         }).
+-record(cookie, {key,
+                 value,
+                 quoted = false}).
 .fi
 \fR
 
 .TP
-\fBformat_set_cookie(Str)\fR
+\fBformat_set_cookie(SetCookie)\fR
 Build a cookie string from a \fI#setcookie{}\fR record like returned by
 \fBparse_set_cookie/1\fR.
 
 .TP
-\fBformat_cookie(Str)\fR
-Build a cookie string from a \fI#cookie{}\fR record like returned by
-\fBparse_cookie/1\fR.
+\fBformat_cookie(Cookie | [Cookie])\fR
+Build a cookie string from a \fI#cookie{}\fR record (or a list or records) like
+returned by \fBparse_cookie/1\fR.
 
 .TP
 \fBredirect(Url)\fR