From b367f07d56e8f4a7cb5e7bb5af35d03bf9479925 Mon Sep 17 00:00:00 2001 From: Denis Kolodin Date: Mon, 23 Jul 2018 12:29:25 +0300 Subject: [PATCH] Add http_only flag to CookieSessionBackend --- CHANGES.md | 1 + src/middleware/session.rs | 10 +++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index d83736eb..04c004fa 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -6,6 +6,7 @@ * Fixed default_resource 'not yet implemented' panic #410 +* Add `CookieSessionBackend::http_only` method to set `HttpOnly` directive of cookies ## [0.7.0] - 2018-07-21 diff --git a/src/middleware/session.rs b/src/middleware/session.rs index 40ba0f4d..cc7aab6b 100644 --- a/src/middleware/session.rs +++ b/src/middleware/session.rs @@ -358,6 +358,7 @@ struct CookieSessionInner { path: String, domain: Option, secure: bool, + http_only: bool, max_age: Option, same_site: Option, } @@ -371,6 +372,7 @@ impl CookieSessionInner { path: "/".to_owned(), domain: None, secure: true, + http_only: true, max_age: None, same_site: None, } @@ -388,7 +390,7 @@ impl CookieSessionInner { let mut cookie = Cookie::new(self.name.clone(), value); cookie.set_path(self.path.clone()); cookie.set_secure(self.secure); - cookie.set_http_only(true); + cookie.set_http_only(self.http_only); if let Some(ref domain) = self.domain { cookie.set_domain(domain.clone()); @@ -532,6 +534,12 @@ impl CookieSessionBackend { self } + /// Sets the `http_only` field in the session cookie being built. + pub fn http_only(mut self, value: bool) -> CookieSessionBackend { + Rc::get_mut(&mut self.0).unwrap().http_only = value; + self + } + /// Sets the `same_site` field in the session cookie being built. pub fn same_site(mut self, value: SameSite) -> CookieSessionBackend { Rc::get_mut(&mut self.0).unwrap().same_site = Some(value);