Class: DceLti::Middleware::CookielessSessions

Inherits:

Rack::Plastic

Object
Rack::Plastic
DceLti::Middleware::CookielessSessions

show all

Defined in:: lib/dce_lti/middleware/cookieless_sessions.rb

Instance Method Summary collapse

#change_nokogiri_doc(doc) ⇒ Object

Instance Method Details

#change_nokogiri_doc(doc) ⇒ `Object`

# File 'lib/dce_lti/middleware/cookieless_sessions.rb', line 6

def change_nokogiri_doc(doc)
  if no_cookies? || shimmed_cookie?
    doc.css('a').each do |a|
      href = a[:href]

      next unless local_url?(href)
      next if url_has_key_already?(href)

      if href.match(/\?/)
        a[:href] += "&#{session_key_name}=#{session_id}"
      else
        a[:href] += "?#{session_key_name}=#{session_id}"
      end
    end

    doc.css('form').each do |form|
      action = form[:action]
      next unless local_url?(action)
      next if url_has_key_already?(action)

      # For PATCH, PUT, DELETE and POST, which allow
      # params mixed in the action and the form.
      if action.match(/\?/)
        form[:action] += "&#{session_key_name}=#{session_id}"
      else
        form[:action] += "?#{session_key_name}=#{session_id}"
      end

      # For GET, oddly. GET method forms stomp all params encoded
      # in the action
      input_node = Nokogiri::XML::Node.new('input', doc)
      input_node[:type] = 'hidden'
      input_node[:name] = session_key_name
      input_node[:value] = session_id
      form.children.first.add_previous_sibling(
        input_node
      )
    end
  end
  doc
end

Class: DceLti::Middleware::CookielessSessions

Instance Method Summary collapse

Instance Method Details

#change_nokogiri_doc(doc) ⇒ Object

#change_nokogiri_doc(doc) ⇒ `Object`