Class: RubyNative::TunnelCookieMiddleware

Inherits:

Object

Object
RubyNative::TunnelCookieMiddleware

show all

Defined in:: lib/ruby_native/tunnel_cookie_middleware.rb

Overview

Strips the domain= attribute from Set-Cookie headers when the request comes through a Cloudflare tunnel (*.trycloudflare.com).

Many Rails apps configure ‘domain: :all, tld_length: 2` on their session store. Through a tunnel this resolves to .trycloudflare.com, a public suffix domain. Browsers and WKWebView silently reject those cookies, breaking authentication.

Removing the domain attribute lets the cookie scope to the exact tunnel hostname (e.g. abc-123.trycloudflare.com) so it persists normally.

Constant Summary collapse

TUNNEL_HOST_PATTERN =

/\.trycloudflare\.com\z/

Instance Method Summary collapse

#call(env) ⇒ Object
#initialize(app) ⇒ TunnelCookieMiddleware constructor

A new instance of TunnelCookieMiddleware.

Constructor Details

#initialize(app) ⇒ `TunnelCookieMiddleware`

Returns a new instance of TunnelCookieMiddleware.



15
16
17

# File 'lib/ruby_native/tunnel_cookie_middleware.rb', line 15

def initialize(app)
  @app = app
end

Instance Method Details

#call(env) ⇒ `Object`

# File 'lib/ruby_native/tunnel_cookie_middleware.rb', line 19

def call(env)
  status, headers, body = @app.call(env)

  if tunnel_request?(env) && headers["set-cookie"]
    strip_cookie_domain!(headers)
  end

  [status, headers, body]
end