From 8fd166435fa1247bdd34cc448ac84d776edbee50 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Even=20O=2E=20Rogstadkj=C3=A6rnet?=
Date: Tue, 8 Nov 2022 10:29:23 +0100
Subject: [PATCH] Add secure field to removal cookie (#300)
Closes https://github.com/actix/actix-extras/issues/299
---
 actix-session/CHANGES.md | 2 ++
 actix-session/src/middleware.rs | 1 +
 actix-session/tests/middleware.rs | 2 +-
 3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/actix-session/CHANGES.md b/actix-session/CHANGES.md
index 0dd47e5be..44da7fe39 100644
--- a/actix-session/CHANGES.md
+++ b/actix-session/CHANGES.md
@@ -1,7 +1,9 @@
 # Changes
 ## Unreleased - 2021-xx-xx
+- Set secure attribute when adding a session removal cookie. [#300]
+[#300]: https://github.com/actix/actix-extras/pull/300
 ## 0.7.2 - 2022-09-11
 - Set SameSite attribute when adding a session removal cookie. [#284]
diff --git a/actix-session/src/middleware.rs b/actix-session/src/middleware.rs
index 9a055c9fd..9bab74bf3 100644
--- a/actix-session/src/middleware.rs
+++ b/actix-session/src/middleware.rs
@@ -444,6 +444,7 @@ fn delete_session_cookie(
 ) -> Result<(), anyhow::Error> {
 let removal_cookie = Cookie::build(config.name.clone(), "")
 .path(config.path.clone())
+ .secure(config.secure)
 .http_only(config.http_only)
 .same_site(config.same_site);
diff --git a/actix-session/tests/middleware.rs b/actix-session/tests/middleware.rs
index 8b9f278c4..5058b8b11 100644
--- a/actix-session/tests/middleware.rs
+++ b/actix-session/tests/middleware.rs
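Review bot: The removal-cookie builder in `delete_session_cookie` keeps its own hand-maintained attribute list, and nothing in the hunk records why it has to track the session cookie's attributes. This is the second correction of this kind visible on the page (the changelog lists the same fix for SameSite in 0.7.2), so a comment above `Cookie::build` would help the next attribute not get missed: `// The removal cookie must carry the same attributes as the session cookie: browsers reject a Set-Cookie with SameSite=None, or a __Secure-/__Host- prefixed name, that lacks Secure, and the session cookie would then survive logout.` If the session cookie is built from the same `config` elsewhere in this file (not visible here), a shared helper for the common attributes would remove the duplication. The function body continues past the end of the hunk.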
@@ -48,7 +48,7 @@ async fn cookie_storage() -> std::io::Result<()> {
 let deletion_cookie = logout_response.response().cookies().next().unwrap();
 assert_eq!(deletion_cookie.name(), "id");
 assert_eq!(deletion_cookie.path().unwrap(), "/test");
- assert!(deletion_cookie.secure().is_none());
+ assert!(deletion_cookie.secure().unwrap());
 assert!(deletion_cookie.http_only().unwrap());
 assert_eq!(deletion_cookie.max_age().unwrap(), Duration::ZERO);
 assert_eq!(deletion_cookie.domain().unwrap(), "localhost");
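Review bot: The updated assertion `assert!(deletion_cookie.secure().unwrap());` only covers a configuration where Secure is on, so it would also pass if the middleware hard-coded `.secure(true)` instead of following `config.secure`. A second case built with `cookie_secure(false)` that checks the removal cookie's flag is not `Some(true)` would pin that the value comes from the configuration. Writing the check as `assert_eq!(deletion_cookie.secure(), Some(true));` also gives a readable failure instead of an unwrap panic when the attribute is missing. The test's setup and the rest of its body are outside the hunk, so the configured value is assumed to be the default.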