ghttp: add cookie security configurations #1549

Merged
merged 6 commits into from
Mar 4, 2022

FlyingBlazer
Contributor

Add configurations for cookie security properties:

  1. HttpOnly
  2. Secure
  3. SameSite

Pending Unit Test

Some questions:

  1. Should I keep backward compatibility on Cookie.SetCookie's httpOnly parameter?
  2. How to handle multiple optional parameters to keep code clean and clear?

codecov-commenter commented Jan 5, 2022

Codecov Report

Merging #1549 (d045b4d) into master (f580713) will decrease coverage by 1.25%.
The diff coverage is 87.09%.

❗ Current head d045b4d differs from pull request most recent head 3bff71b. Consider uploading reports for the commit 3bff71b to get more accurate results

@@            Coverage Diff             @@
##           master    #1549      +/-   ##
==========================================
- Coverage   71.05%   69.79%   -1.26%     
==========================================
  Files         444      438       -6     
  Lines       42322    42447     +125     
==========================================
- Hits        30070    29625     -445     
- Misses      10357    10927     +570     
  Partials     1895     1895              
Flag Coverage Δ
go-1.15 69.77% <87.09%> (-1.24%) ⬇️
go-1.16 69.76% <87.09%> (-1.27%) ⬇️
go-1.17 69.77% <87.09%> (-1.27%) ⬇️

Impacted Files Coverage Δ
net/ghttp/ghttp_server_config.go 59.03% <ø> (-2.11%) ⬇️
net/ghttp/ghttp_server_config_cookie.go 61.53% <71.42%> (+11.53%) ⬆️
net/ghttp/ghttp_server_cookie.go 85.00% <100.00%> (+4.44%) ⬆️
os/gcmd/gcmd_scan.go 0.00% <0.00%> (-100.00%) ⬇️
os/gtime/gtime_time_wrapper.go 0.00% <0.00%> (-66.67%) ⬇️
os/gcmd/gcmd_command.go 55.00% <0.00%> (-45.00%) ⬇️
encoding/gjson/gjson_api_new_load.go 58.53% <0.00%> (-37.47%) ⬇️
database/gdb/gdb_schema.go 58.33% <0.00%> (-27.39%) ⬇️
encoding/gjson/gjson_implements.go 78.94% <0.00%> (-21.06%) ⬇️
os/gcmd/gcmd_parser.go 74.26% <0.00%> (-20.48%) ⬇️
... and 128 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

)
}

// SetCookie sets cookie item with given domain, path and expiration age.
// The optional parameter `httpOnly` specifies if the cookie item is only available in HTTP,
// which is usually empty.
func (c *Cookie) SetCookie(key, value, domain, path string, maxAge time.Duration, httpOnly ...bool) {
func (c *Cookie) SetCookie(key, value, domain, path string, maxAge time.Duration, extra ...map[string]interface{}) {
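Review bot: The doc comment above `SetCookie` still describes an optional `httpOnly` parameter, but the new signature takes `extra ...map[string]interface{}`, so the comment should be updated to name the accepted keys and their value types. Changing the variadic type from `bool` to a map also breaks existing callers that pass `httpOnly`, and an untyped map lets a misspelled key or a wrong value type go unnoticed at compile time, which for security attributes could leave a cookie without the intended flag; a typed options struct would avoid both.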
Member

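@FlyingBlazer Thanks for contributing! I'd suggest defining the cookie's extra parameters in a structured way with a struct, rather than through an unstructured map. So I suggest you define a CookieOption struct and manage the extra parameters that need to be defined through it.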

@@ -21,6 +21,13 @@ type Cookie struct {
response *Response // Belonged HTTP response.
}

// CookieOptions provides security config for cookies
type CookieOptions struct {
sameSite http.SameSite // cookie SameSite property
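Review bot: `sameSite` on the added `CookieOptions` field line is unexported, so code outside the package cannot set it in a struct literal and the option cannot be passed by users; export it as `SameSite`, together with any other option fields. The type comment could also state what the zero value of each field means, so callers know which attributes are emitted when a field is left unset.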
Member

@gqcn gqcn Jan 12, 2022

The fields need to be exported; otherwise users cannot pass in and set the corresponding cookie options.

Contributor Author

Sorry, I hadn't been able to find the time. It's changed now.
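The struct-based options discussed in this review, as an added example that is not the PR's or the project's own code: it maps the three attributes onto the standard library's `http.Cookie`. The names `CookieOptions` fields, `BuildCookie` and `ErrNoneWithoutSecure` are hypothetical, and the `SameSite=None` check goes beyond what the PR discusses.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"time"
)

// CookieOptions is a hypothetical typed option set, not GoFrame's actual type.
// Fields are exported so callers in other packages can set them.
type CookieOptions struct {
	SameSite http.SameSite // zero value: no SameSite attribute is emitted
	Secure   bool          // only send the cookie over HTTPS
	HttpOnly bool          // hide the cookie from document.cookie
}

// ErrNoneWithoutSecure flags SameSite=None without Secure, which current
// browsers refuse to store.
var ErrNoneWithoutSecure = errors.New("cookie: SameSite=None requires Secure")

// BuildCookie (hypothetical helper) applies opts to a new cookie.
func BuildCookie(name, value, path string, maxAge time.Duration, opts CookieOptions) (*http.Cookie, error) {
	if opts.SameSite == http.SameSiteNoneMode && !opts.Secure {
		return nil, ErrNoneWithoutSecure
	}
	return &http.Cookie{
		Name:     name,
		Value:    value,
		Path:     path,
		MaxAge:   int(maxAge / time.Second),
		Secure:   opts.Secure,
		HttpOnly: opts.HttpOnly,
		SameSite: opts.SameSite,
	}, nil
}

func main() {
	// Constructed sample values.
	hardened := CookieOptions{SameSite: http.SameSiteLaxMode, Secure: true, HttpOnly: true}
	c, _ := BuildCookie("sid", "abc123", "/", time.Hour, hardened)
	fmt.Println("Set-Cookie:", c.String())

	_, err := BuildCookie("sid", "abc123", "/", time.Hour, CookieOptions{SameSite: http.SameSiteNoneMode})
	fmt.Println("rejected:", err)
}
```

A zero-value `CookieOptions{}` emits none of the three attributes, so a framework-level default for these options is what decides whether cookies are hardened when callers pass nothing.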

@gqcn gqcn marked this pull request as ready for review January 21, 2022 09:07
@FlyingBlazer FlyingBlazer requested a review from gqcn March 2, 2022 07:50
@gqcn gqcn merged commit 54bdabd into gogf:master Mar 4, 2022