Download as
Browse Code »

Commit 53056ce224f1ad13af41ee8aa14e3da8cc398893

Authored by Antonio Terceiro
1 parent cb9b3dd2
Exists in master and in 22 other branches angular_poc, api-article-archived, article-readonly, backup-7-jan-2016, captcha_serpro_plugin, content-manager-hostspot, export-comment-paragraph, fix_event_date_issue, login-captcha, master_rails3, new_video_plugin, pg_search_rank, production, refactor_with_role, refactor_with_role_scope, remove_profile_cat_icons, resend_confirmation_email, staging, staging_rails3, tasks_keep_filter_params, theme-brasil-digital-from-staging, travis

Make sure well-behaved plugin cookies always pass through

Showing 3 changed files with 16 additions and 7 deletions   Show diff stats
etc/noosfero/varnish-noosfero.vcl
  Diff comments   View file @53056ce
1 sub vcl_recv { 1 sub vcl_recv {
2 if (req.request == "GET" || req.request == "HEAD") { 2 if (req.request == "GET" || req.request == "HEAD") {
3 if (req.http.Cookie) { 3 if (req.http.Cookie) {
4 - # We only care about the "_noosfero_session.*" cookie, used for  
5 - # authentication.  
6 - if (req.http.Cookie !~ "_noosfero_session.*" ) { 4 + # We only care about the "_noosfero_.*" cookies, used by Noosfero
  5 + if (req.http.Cookie !~ "_noosfero_.*" ) {
7 # strip all cookies 6 # strip all cookies
8 unset req.http.Cookie; 7 unset req.http.Cookie;
9 } 8 }
plugins/shopping_cart/controllers/shopping_cart_plugin_controller.rb
  Diff comments   View file @53056ce
@@ -290,7 +290,7 @@ class ShoppingCartPluginController < PublicController @@ -290,7 +290,7 @@ class ShoppingCartPluginController < PublicController
290 end 290 end
291 291
292 def cookie_key 292 def cookie_key
293 - :_noosfero_session_shopping_cart 293 + :_noosfero_plugin_shopping_cart
294 end 294 end
295 295
296 end 296 end
vendor/plugins/noosfero_caching/init.rb
  Diff comments   View file @53056ce
@@ -38,13 +38,23 @@ module NoosferoHttpCaching @@ -38,13 +38,23 @@ module NoosferoHttpCaching
38 def call(env) 38 def call(env)
39 status, headers, body = @app.call(env) 39 status, headers, body = @app.call(env)
40 if headers['X-Noosfero-Auth'] == 'false' 40 if headers['X-Noosfero-Auth'] == 'false'
41 - # FIXME do not do this if there is any plugin cookie set (e.g.  
42 - # _noosfero_session_shopping_cart)  
43 - headers.delete('Set-Cookie') 41 + headers['Set-Cookie'] = remove_unwanted_cookies(headers['Set-Cookie'])
44 end 42 end
45 headers.delete('X-Noosfero-Auth') 43 headers.delete('X-Noosfero-Auth')
46 [status, headers, body] 44 [status, headers, body]
47 end 45 end
  46 +
  47 + protected
  48 +
  49 + # filter off all cookies except for plugin-provided ones that are
  50 + # path-specific (i.e path != "/").
  51 + def remove_unwanted_cookies(cookie_list)
  52 + return nil if cookie_list.nil?
  53 + cookie_list.select do |c|
  54 + c =~ /^_noosfero_plugin_\w+=/ && c =~ /path=\/\w+/
  55 + end
  56 + end
  57 +
48 end 58 end
49 59
50 end 60 end