Fix invalid cookie naming - cookie names can't contain : (#2539)
Closes #2537 RFCs: * http://tools.ietf.org/html/rfc6265#section-4.1.1 * http://tools.ietf.org/html/rfc2616#section-2.2
parent
8e11d6a571
commit
fa4addcb50
|
@ -143,9 +143,9 @@ if (hasCookiesAccess()) {
|
||||||
}
|
}
|
||||||
|
|
||||||
function hasCookiesAccess() {
|
function hasCookiesAccess() {
|
||||||
document.cookie = `lb:probe_cookie=;path=/${cookieOptions()}`;
|
document.cookie = `lb_probe_cookie=;path=/${cookieOptions()}`;
|
||||||
|
|
||||||
return document.cookie
|
return document.cookie
|
||||||
.split("; ")
|
.split("; ")
|
||||||
.some((cookie) => cookie.startsWith(`lb:probe_cookie=`));
|
.some((cookie) => cookie.startsWith(`lb_probe_cookie=`));
|
||||||
}
|
}
|
||||||
|
|
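Review bot: The probe cookie name is spelled out twice in `hasCookiesAccess`, once in the `document.cookie` write and once in the `startsWith` check, so a rename like this one has to touch both literals and they can drift apart. A single constant, for example `const PROBE_COOKIE = "lb_probe_cookie";`, used in both template strings would match how the user-data module keeps its name in `USER_DATA_COOKIE`. As far as the visible lines show, the empty probe cookie is also left in place after the check; if that is intentional, a one-line comment saying so would help.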
|
@ -1,9 +1,9 @@
|
||||||
import { cookieOptions, decodeBase64, encodeBase64 } from "./utils";
|
import { cookieOptions, decodeBase64, encodeBase64 } from "./utils";
|
||||||
|
|
||||||
const USER_DATA_COOKIE = "lb:user_data";
|
const USER_DATA_COOKIE = "lb_user_data";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Stores user data in the `"lb:user_data"` cookie.
|
* Stores user data in the `"lb_user_data"` cookie.
|
||||||
*/
|
*/
|
||||||
export function storeUserData(userData) {
|
export function storeUserData(userData) {
|
||||||
const json = JSON.stringify(userData);
|
const json = JSON.stringify(userData);
|
||||||
|
@ -12,7 +12,7 @@ export function storeUserData(userData) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Loads user data from the `"lb:user_data"` cookie.
|
* Loads user data from the `"lb_user_data"` cookie.
|
||||||
*/
|
*/
|
||||||
export function loadUserData() {
|
export function loadUserData() {
|
||||||
const encoded = getCookieValue(USER_DATA_COOKIE);
|
const encoded = getCookieValue(USER_DATA_COOKIE);
|
||||||
|
|
|
@ -6,7 +6,7 @@ defmodule LivebookWeb.Endpoint do
|
||||||
# Set :encryption_salt if you would also like to encrypt it.
|
# Set :encryption_salt if you would also like to encrypt it.
|
||||||
@session_options [
|
@session_options [
|
||||||
store: :cookie,
|
store: :cookie,
|
||||||
key: "lb:session",
|
key: "lb_session",
|
||||||
signing_salt: "deadbook"
|
signing_salt: "deadbook"
|
||||||
]
|
]
|
||||||
|
|
||||||
|
@ -126,7 +126,7 @@ defmodule LivebookWeb.Endpoint do
|
||||||
|
|
||||||
if cookie_size > 24576 do
|
if cookie_size > 24576 do
|
||||||
conn.cookies
|
conn.cookies
|
||||||
|> Enum.reject(fn {key, _value} -> String.starts_with?(key, "lb:") end)
|
|> Enum.reject(fn {key, _value} -> String.starts_with?(key, "lb_") end)
|
||||||
|> Enum.take(10)
|
|> Enum.take(10)
|
||||||
|> Enum.reduce(conn, fn {key, _value}, conn ->
|
|> Enum.reduce(conn, fn {key, _value}, conn ->
|
||||||
Plug.Conn.delete_resp_cookie(conn, key)
|
Plug.Conn.delete_resp_cookie(conn, key)
|
||||||
|
|
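Review bot: Changing the session key to `lb_session` leaves browsers that already hold `lb:session` (and `lb:user_data`, which the user plug issues with a five-year `max_age`) sending the old cookies, and nothing in the visible hunks expires them. Because the size guard now filters on `String.starts_with?(key, "lb_")`, those legacy cookies are no longer exempt and are removed only once a request passes the 24576-byte threshold. Existing sessions are presumably not picked up under the new key either, which is worth stating in the release notes. A comment next to `@session_options`, such as `# Renamed from "lb:session"; legacy cookies are left to the oversize-cookie cleanup`, would record the decision. The cleanup function starts and ends outside the second hunk.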
|
@ -48,7 +48,7 @@ defmodule LivebookWeb.UserPlug do
|
||||||
defp ensure_user_data(conn) when conn.halted, do: conn
|
defp ensure_user_data(conn) when conn.halted, do: conn
|
||||||
|
|
||||||
defp ensure_user_data(conn) do
|
defp ensure_user_data(conn) do
|
||||||
if Map.has_key?(conn.req_cookies, "lb:user_data") do
|
if Map.has_key?(conn.req_cookies, "lb_user_data") do
|
||||||
conn
|
conn
|
||||||
else
|
else
|
||||||
identity_data = get_session(conn, :identity_data)
|
identity_data = get_session(conn, :identity_data)
|
||||||
|
@ -58,7 +58,7 @@ defmodule LivebookWeb.UserPlug do
|
||||||
# We disable HttpOnly, so that it can be accessed on the client
|
# We disable HttpOnly, so that it can be accessed on the client
|
||||||
# and set expiration to 5 years
|
# and set expiration to 5 years
|
||||||
opts = [http_only: false, max_age: 157_680_000] ++ LivebookWeb.Endpoint.cookie_options()
|
opts = [http_only: false, max_age: 157_680_000] ++ LivebookWeb.Endpoint.cookie_options()
|
||||||
put_resp_cookie(conn, "lb:user_data", encoded, opts)
|
put_resp_cookie(conn, "lb_user_data", encoded, opts)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -74,7 +74,7 @@ defmodule LivebookWeb.UserPlug do
|
||||||
defp mirror_user_data_in_session(conn) when conn.halted, do: conn
|
defp mirror_user_data_in_session(conn) when conn.halted, do: conn
|
||||||
|
|
||||||
defp mirror_user_data_in_session(conn) do
|
defp mirror_user_data_in_session(conn) do
|
||||||
user_data = conn.cookies["lb:user_data"] |> Base.decode64!() |> Jason.decode!()
|
user_data = conn.cookies["lb_user_data"] |> Base.decode64!() |> Jason.decode!()
|
||||||
put_session(conn, :user_data, user_data)
|
put_session(conn, :user_data, user_data)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
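Review bot: `mirror_user_data_in_session` decodes `conn.cookies["lb_user_data"]` with `Base.decode64!()` and `Jason.decode!()`, yet that cookie is issued with `http_only: false` and appears to be plain Base64 JSON rather than a signed value, so its content is client-controlled. A malformed value raises on every request until the browser cookie is cleared, and whatever JSON does decode is copied into the session unchecked. Prefer the non-raising forms, `with {:ok, json} <- Base.decode64(value), {:ok, user_data} <- Jason.decode(json)`, regenerate the cookie on error, and validate the expected keys before `put_session`. `ensure_user_data` in the first hunk places the same trust in the cookie, since it only checks `Map.has_key?`.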
|
@ -4,7 +4,7 @@ defmodule LivebookWeb.EndpointTest do
|
||||||
test "delete cookies once they go over a certain limit", %{conn: conn} do
|
test "delete cookies once they go over a certain limit", %{conn: conn} do
|
||||||
cookies =
|
cookies =
|
||||||
Enum.map(1..5, &"c#{&1}=#{String.duplicate("a", 4096)}") ++
|
Enum.map(1..5, &"c#{&1}=#{String.duplicate("a", 4096)}") ++
|
||||||
Enum.map(1..5, &"lb:#{&1}=#{String.duplicate("a", 4096)}")
|
Enum.map(1..5, &"lb_#{&1}=#{String.duplicate("a", 4096)}")
|
||||||
|
|
||||||
assert [
|
assert [
|
||||||
"c1=;" <> _,
|
"c1=;" <> _,
|
||||||
|
@ -12,8 +12,8 @@ defmodule LivebookWeb.EndpointTest do
|
||||||
"c3=;" <> _,
|
"c3=;" <> _,
|
||||||
"c4=;" <> _,
|
"c4=;" <> _,
|
||||||
"c5=;" <> _,
|
"c5=;" <> _,
|
||||||
"lb:session" <> _,
|
"lb_session" <> _,
|
||||||
"lb:user_data" <> _
|
"lb_user_data" <> _
|
||||||
] =
|
] =
|
||||||
conn
|
conn
|
||||||
|> put_req_header("cookie", Enum.join(cookies, "; "))
|
|> put_req_header("cookie", Enum.join(cookies, "; "))
|
||||||
|
|
|
@ -38,7 +38,7 @@ defmodule LivebookWeb.UserPlugTest do
|
||||||
"hex_color" => <<_::binary>>,
|
"hex_color" => <<_::binary>>,
|
||||||
"id" => <<_::binary>>,
|
"id" => <<_::binary>>,
|
||||||
"name" => nil
|
"name" => nil
|
||||||
} = conn.cookies["lb:user_data"] |> Base.decode64!() |> Jason.decode!()
|
} = conn.cookies["lb_user_data"] |> Base.decode64!() |> Jason.decode!()
|
||||||
end
|
end
|
||||||
|
|
||||||
test "keeps user_data cookie if present" do
|
test "keeps user_data cookie if present" do
|
||||||
|
@ -48,10 +48,10 @@ defmodule LivebookWeb.UserPlugTest do
|
||||||
conn =
|
conn =
|
||||||
conn(:get, "/")
|
conn(:get, "/")
|
||||||
|> init_test_session(%{})
|
|> init_test_session(%{})
|
||||||
|> put_req_cookie("lb:user_data", cookie_value)
|
|> put_req_cookie("lb_user_data", cookie_value)
|
||||||
|> fetch_cookies()
|
|> fetch_cookies()
|
||||||
|> call()
|
|> call()
|
||||||
|
|
||||||
assert conn.cookies["lb:user_data"] == cookie_value
|
assert conn.cookies["lb_user_data"] == cookie_value
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|