vweb: secure HttpOnly cookies

2023-08-10 21:13:21 +03:00 · 2019-12-11 03:20:30 +03:00 · 2019-12-11 03:20:30 +03:00 · f286387647
commit f286387647
parent cdfbb2978d
3 changed files with 8 additions and 3 deletions
--- a/vlib/builtin/string_test.v
+++ b/vlib/builtin/string_test.v
@ -233,6 +233,11 @@ fn test_replace_each() {
 		'[code]', '<code>',
 		'[/code]', '</code>'
 	]) == '<b>bold</b> <code>code</code>'
+	bb2 := '[b]cool[/b]'
+	assert bb2.replace_each([
+		'[b]', '<b>',
+		'[/b]', '</b>',
+	]) == '<b>cool</b>'
 }

 fn test_itoa() {
--- a/vlib/vweb/tmpl/tmpl.v
+++ b/vlib/vweb/tmpl/tmpl.v
@ -76,7 +76,7 @@ _ = header
 		}
 		// HTML, may include `@var`
 		else {
-			s.writeln(line.replace('@', '\x24').replace('\'', '"') )
+			s.writeln(line.replace('@', '\x24').replace("'", '"') )
 		}
 	}
 	s.writeln(STR_END)
--- a/vlib/vweb/vweb.v
+++ b/vlib/vweb/vweb.v
@ -74,11 +74,11 @@ pub fn (ctx Context) not_found(s string) {

 pub fn (ctx mut Context) set_cookie(key, val string) { // TODO support directives, escape cookie value (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie)
 	//println('Set-Cookie $key=$val')
-	ctx.add_header('Set-Cookie', '$key=$val')
+	ctx.add_header('Set-Cookie', '$key=$val;  Secure; HttpOnly')
 }

 pub fn (ctx &Context) get_cookie(key string) ?string { // TODO refactor
-	cookie_header := ' ' + ctx.get_header('Cookie')
+	cookie_header := ' ' + ctx.get_header('cookie')
 	cookie := if cookie_header.contains(';') {
 		cookie_header.find_between(' $key=', ';')
 	} else {