DRAFT - Use stateful CookieJar in Redirector

As [mentioned](..httprb/issues/264#issuecomment-157070867) in httprb#264, CookieJar implements cookie domain scoping rules, which is useful when issuing redirects across domains. Resolves: httprb#264
Kache · Jun 15, 2020 · 5998288 · 5998288
1 parent dbc73e3
commit 5998288
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 2 deletions.
diff --git a/lib/http/redirector.rb b/lib/http/redirector.rb
@@ -39,9 +39,11 @@ class EndlessRedirectError < TooManyRedirectsError; end
     # @param [Hash] opts
     # @option opts [Boolean] :strict (true) redirector hops policy
     # @option opts [#to_i] :max_hops (5) maximum allowed amount of hops
+    # @option opts [HTTP::CookieJar] :jar (HTTP::CookieJar.new) stateful CookieJar used across hops
     def initialize(opts = {}) # rubocop:disable Style/OptionHash
       @strict   = opts.fetch(:strict, true)
       @max_hops = opts.fetch(:max_hops, 5).to_i
+      @jar      = opts.fetch(:jar, CookieJar.new)
     end
 
     # Follows redirects until non-redirect response found
@@ -50,6 +52,19 @@ def perform(request, response)
       @response = response
       @visited  = []
 
+      # load first request's cookies into CookieJar,
+      # treating them as if they were there to begin with
+      sent_cookie_header = @request.headers.get(HTTP::Headers::COOKIE).join('; ')
+      sent_cookie_header.split('; ').each do |name_val|
+        name, value = name_val.split('=', 2)
+        @jar.add(HTTP::Cookie.new(
+          name:   name,
+          value:  value,
+          origin: request.uri,
+          secure: request.uri.https?
+        ))
+      end
+
       while REDIRECT_CODES.include? @response.status.code
         @visited << "#{@request.verb} #{@request.uri}"
 
@@ -61,6 +76,7 @@ def perform(request, response)
         # XXX(ixti): using `Array#inject` to return `nil` if no Location header.
         @request  = redirect_to(@response.headers.get(Headers::LOCATION).inject(:+))
         @response = yield @request
+        @response.cookies.inject(@jar, :<<)
       end
 
       @response
@@ -94,8 +110,10 @@ def redirect_to(uri)
       end
 
       verb = :get if !SEE_OTHER_ALLOWED_VERBS.include?(verb) && 303 == code
+      redirect_uri = @request.uri.join(uri)
+      cookies_raw = @jar.each(redirect_uri).map(&:cookie_value).join('; ')
 
-      @request.redirect(uri, verb)
+      @request.redirect(uri, verb, cookies_raw: cookies_raw)
     end
   end
 end
diff --git a/lib/http/request.rb b/lib/http/request.rb
@@ -97,9 +97,10 @@ def initialize(opts)
     end
 
     # Returns new Request with updated uri
-    def redirect(uri, verb = @verb)
+    def redirect(uri, verb = @verb, cookies_raw: nil)
       headers = self.headers.dup
       headers.delete(Headers::HOST)
+      headers[Headers::COOKIE] = cookies_raw if cookies_raw
 
       self.class.new(
         :verb           => verb,