Class: Gitlab::Middleware::SameSiteCookies
- Inherits: Object
  - Object
  - Gitlab::Middleware::SameSiteCookies
- Defined in: lib/gitlab/middleware/same_site_cookies.rb
Constant Summary
- COOKIE_SEPARATOR = "\n"
Instance Method Summary
- #call(env) ⇒ Object
- #initialize(app) ⇒ SameSiteCookies (constructor): A new instance of SameSiteCookies.
Constructor Details
#initialize(app) ⇒ SameSiteCookies
Returns a new instance of SameSiteCookies.
    # File 'lib/gitlab/middleware/same_site_cookies.rb', line 22
    def initialize(app)
      @app = app
    end
Instance Method Details
#call(env) ⇒ Object
    # File 'lib/gitlab/middleware/same_site_cookies.rb', line 26
    def call(env)
      status, headers, body = @app.call(env)
      result = [status, headers, body]

      set_cookie = headers['Set-Cookie']&.strip

      # Leave the response untouched when no cookie is set or the
      # instance is not served over SSL.
      return result if set_cookie.blank? || !ssl?
      # Skip user agents that cannot handle SameSite=None.
      return result if same_site_none_incompatible?(env['HTTP_USER_AGENT'])

      cookies = set_cookie.split(COOKIE_SEPARATOR)

      cookies.each do |cookie|
        next if cookie.blank?

        # Chrome will drop SameSite=None cookies without the Secure
        # flag. If we remove this middleware, we may need to ensure
        # that all cookies set this flag.
        unless SECURE_REGEX.match?(cookie)
          cookie << '; Secure'
        end

        unless SAME_SITE_REGEX.match?(cookie)
          cookie << '; SameSite=None'
        end
      end

      headers['Set-Cookie'] = cookies.join(COOKIE_SEPARATOR)

      result
    end
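The rewrite performed by #call, run against a constructed three-cookie header (an added example, not GitLab's code). The class name `DemoSameSiteCookies`, the `ssl:` keyword and both regex patterns are assumptions, because the page does not show SECURE_REGEX, SAME_SITE_REGEX or ssl?; the user-agent compatibility check is left out.

```ruby
# Added example: stand-alone sketch of the Set-Cookie rewrite, no Rails needed.
class DemoSameSiteCookies
  COOKIE_SEPARATOR = "\n"
  # Assumed patterns: match the attribute only after a ';', so a cookie
  # *named* "secure_pref" is not mistaken for one carrying the Secure flag.
  SECURE_REGEX = /;\s*secure/i
  SAME_SITE_REGEX = /;\s*samesite=\w+/i

  # ssl: is a hypothetical stand-in for the middleware's ssl? check.
  def initialize(app, ssl:)
    @app = app
    @ssl = ssl
  end

  def call(env)
    status, headers, body = @app.call(env)
    set_cookie = headers['Set-Cookie']&.strip
    # Without SSL the header is left as is: adding Secure there would
    # stop browsers from sending the cookies back at all.
    return [status, headers, body] if set_cookie.nil? || set_cookie.empty? || !@ssl

    cookies = set_cookie.split(COOKIE_SEPARATOR).map do |cookie|
      next cookie if cookie.strip.empty?

      cookie += '; Secure' unless SECURE_REGEX.match?(cookie)
      # An explicit SameSite value (Lax, Strict) set by the app is kept.
      cookie += '; SameSite=None' unless SAME_SITE_REGEX.match?(cookie)
      cookie
    end

    headers['Set-Cookie'] = cookies.join(COOKIE_SEPARATOR)
    [status, headers, body]
  end
end

# Constructed sample header: three cookies joined with COOKIE_SEPARATOR.
SAMPLE_HEADER = [
  '_session=abc123; path=/; HttpOnly',
  'secure_pref=1; path=/',
  'known_sign_in=xyz; path=/; Secure; SameSite=Lax'
].join("\n")

# Runs the middleware around a stub app and returns the resulting cookies.
def demo(ssl:)
  app = ->(_env) { [200, { 'Set-Cookie' => SAMPLE_HEADER.dup }, ['ok']] }
  _status, headers, _body = DemoSameSiteCookies.new(app, ssl: ssl).call({})
  headers['Set-Cookie'].split("\n")
end

puts demo(ssl: true)
```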