NSHTTPCookie: add support for HTTPOnly cookies

Add support for parsing HTTPOnly cookies (those that cannot be accessed by clients). Implement -[NSHTTPCookie isHTTPOnly].
2025-04-23 00:41:02 +00:00 · 2017-06-25 09:17:24 +10:00 · 2017-06-25 09:17:24 +10:00 · 644b676949
commit 644b676949
parent fae4ff3371
3 changed files with 24 additions and 0 deletions
--- a/Headers/Foundation/NSHTTPCookie.h
+++ b/Headers/Foundation/NSHTTPCookie.h
@ -220,6 +220,14 @@ extern NSString * const NSHTTPCookieVersion; /** Obtain cookie version */
 - (BOOL) isSessionOnly;
 #endif

+#if OS_API_VERSION(MAC_OS_X_VERSION_10_6,GS_API_LATEST)
+#if GS_HAS_DECLARED_PROPERTIES
+@property (readonly, getter=isHTTPOnly) BOOL HTTPOnly;
+#else
+- (BOOL) isHTTPOnly;
+#endif
+#endif
+
 /**
 * Returns the name of the receiver.
 */
--- a/Source/NSHTTPCookie.m
+++ b/Source/NSHTTPCookie.m
@ -59,6 +59,7 @@ NSString * const NSHTTPCookiePort = @"Port";
 NSString * const NSHTTPCookieSecure = @"Secure";
 NSString * const NSHTTPCookieValue = @"Value";
 NSString * const NSHTTPCookieVersion = @"Version";
+static NSString * const HTTPCookieHTTPOnly = @"HTTPOnly";

 // Internal data storage
 typedef struct {
@ -328,6 +329,11 @@ static NSRange GSRangeOfCookie(NSString *string);
  return [[this->_properties objectForKey: NSHTTPCookieSecure] boolValue];
 }

+- (BOOL) isHTTPOnly
+{
+  return [[this->_properties objectForKey: HTTPCookieHTTPOnly] boolValue];
+}
+
 - (BOOL) isSessionOnly
 {
  return [[this->_properties objectForKey: NSHTTPCookieDiscard] boolValue];
@ -690,6 +696,9 @@ _setCookieKey(NSMutableDictionary *dict, NSString *key, NSString *value)
  else if ([[key lowercaseString] isEqual: @"secure"])
    [dict setObject: [NSNumber numberWithBool: YES] 
 	     forKey: NSHTTPCookieSecure];
+  else if ([[key lowercaseString] isEqual:@"httponly"])
+    [dict setObject: [NSNumber numberWithBool: YES]
+             forKey: HTTPCookieHTTPOnly];
  else if ([[key lowercaseString] isEqual: @"version"])
    [dict setObject: value forKey: NSHTTPCookieVersion];
  return YES;
--- a/Tests/base/NSHTTPCookie/basic.m
+++ b/Tests/base/NSHTTPCookie/basic.m
@ -53,12 +53,19 @@ int main()
  	   "NSHTTPCookie returns proper value");
  PASS([[cookie domain] isEqual: [url host]], 
  	   "NSHTTPCookie returns proper domain");
+  PASS(![cookie isHTTPOnly], "Cookie is not http only");
  
  dict = [NSHTTPCookie requestHeaderFieldsWithCookies: cookies];
  PASS_EQUAL([dict objectForKey: @"Cookie"],
    @"S=calendar=R7tjDKqNB5L8YTZSvf29Bg",
    "NSHTTPCookie can generate proper cookie");

+  dict = [NSDictionary dictionaryWithObject:
+    @"SessionId=xxx;HttpOnly;" forKey: @"Set-Cookie"];
+  cookies= [NSHTTPCookie cookiesWithResponseHeaderFields: dict forURL: url];
+  cookie = [cookies objectAtIndex:0];
+  PASS([cookie isHTTPOnly], "NSHTTPCookie is HTTPOnly");
+  
  [arp release]; arp = nil;
  return 0;
 }