vweb: secure HttpOnly cookies

medvednikov · medvednikov · commit f28638764792 · 2019-12-11T03:20:30.000+03:00
diff --git a/vlib/builtin/string_test.v b/vlib/builtin/string_test.v
@@ -233,6 +233,11 @@ fn test_replace_each() {
 		'[code]', '<code>',
 		'[/code]', '</code>'
 	]) == '<b>bold</b> <code>code</code>'
+	bb2 := '[b]cool[/b]'
+	assert bb2.replace_each([
+		'[b]', '<b>',
+		'[/b]', '</b>',
+	]) == '<b>cool</b>'
 }
 
 fn test_itoa() {
diff --git a/vlib/vweb/tmpl/tmpl.v b/vlib/vweb/tmpl/tmpl.v
@@ -76,7 +76,7 @@ _ = header
 		}
 		// HTML, may include `@var`
 		else {
-			s.writeln(line.replace('@', '\x24').replace('\'', '"') )
+			s.writeln(line.replace('@', '\x24').replace("'", '"') )
 		}
 	}
 	s.writeln(STR_END)
diff --git a/vlib/vweb/vweb.v b/vlib/vweb/vweb.v
@@ -74,11 +74,11 @@ pub fn (ctx Context) not_found(s string) {
 
 pub fn (ctx mut Context) set_cookie(key, val string) { // TODO support directives, escape cookie value (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie)
 	//println('Set-Cookie $key=$val')
-	ctx.add_header('Set-Cookie', '$key=$val')
+	ctx.add_header('Set-Cookie', '$key=$val;  Secure; HttpOnly')
 }
 
 pub fn (ctx &Context) get_cookie(key string) ?string { // TODO refactor
-	cookie_header := ' ' + ctx.get_header('Cookie')
+	cookie_header := ' ' + ctx.get_header('cookie')
 	cookie := if cookie_header.contains(';') {
 		cookie_header.find_between(' $key=', ';')
 	} else {

Original file line number	Diff line number	Diff line change
`@@ -76,7 +76,7 @@ _ = header`
`76`	`76`	`}`
`77`	`77`	// HTML, may include `@var`
`78`	`78`	`else {`
`79`		`- s.writeln(line.replace('@', '\x24').replace('\'', '"') )`
	`79`	`+ s.writeln(line.replace('@', '\x24').replace("'", '"') )`
`80`	`80`	`}`
`81`	`81`	`}`
`82`	`82`	`s.writeln(STR_END)`