github.com/avenga/couper@v1.12.2/server/writer/cookies.go (about)

     1  package writer
     2  
     3  import (
     4  	"net/http"
     5  	"regexp"
     6  	"strings"
     7  )
     8  
const (
	// SecureCookiesStrip is the string "strip".
	// NOTE(review): presumably the configuration value that switches on
	// Secure-attribute stripping; it is not referenced in this file, so
	// confirm against the caller.
	SecureCookiesStrip = "strip"

	// SecureCookieAV is the name of the cookie attribute that
	// parseSetCookieHeader looks for (compared case-insensitively).
	SecureCookieAV = "Secure"

	// setCookieHeader is the response header field whose values are rewritten.
	setCookieHeader = "Set-Cookie"
)

// regexSplitSetCookie yields one match per non-empty, semicolon-delimited
// segment of a Set-Cookie value; capture group 1 is the segment without the
// trailing semicolon and with surrounding whitespace still in place.
var regexSplitSetCookie = regexp.MustCompile(`([^;]+);?`)
    16  
// stripSecureCookies rewrites the Set-Cookie fields of header in place so that
// none of them carries the Secure attribute. A field without the attribute is
// re-added verbatim; a field that had it is rebuilt from its remaining
// segments joined with "; ". The relative order of the fields is kept.
//
// NOTE(review): without Secure the browser also sends the cookie over plain
// HTTP, so this belongs only where that downgrade is intended. Browsers
// refuse cookies whose name starts with __Secure- or __Host-, and cookies
// with SameSite=None, when Secure is missing; after stripping, such cookies
// are dropped by the client rather than downgraded.
func stripSecureCookies(header http.Header) {
	// Take the current values first: Del removes the field from the header,
	// and the loop below re-adds each value one at a time.
	values := header.Values(setCookieHeader)
	header.Del(setCookieHeader)

	for _, raw := range values {
		rewritten := raw
		if parts, hadSecure := parseSetCookieHeader(raw); hadSecure {
			rewritten = strings.Join(parts, "; ")
		}

		header.Add(setCookieHeader, rewritten)
	}
}
    31  
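// parseSetCookieHeader splits a Set-Cookie field value at its semicolons and
// returns the whitespace-trimmed segments with the Secure attribute left out.
// The second result is true if a Secure attribute was found and removed,
// false otherwise.
//
// The first segment is the cookie's name=value pair, not an attribute, and is
// always kept, even if it reads "Secure". Every later segment is an attribute;
// it counts as Secure when its name (the text before an optional "=") matches
// case-insensitively. RFC 6265 section 5.2 has user agents ignore any value
// given to Secure, so a segment such as "Secure=1" still marks the cookie as
// secure and has to be removed as well.
func parseSetCookieHeader(setCookie string) ([]string, bool) {
	var parts []string
	var isSecure bool

	for i, m := range regexSplitSetCookie.FindAllStringSubmatch(setCookie, -1) {
		part := strings.TrimSpace(m[1])

		// Only segments after the cookie-pair are attributes.
		if i > 0 {
			name := part
			if eq := strings.IndexByte(part, '='); eq >= 0 {
				// Compare the attribute name only; a value after "=" does
				// not change the meaning of Secure.
				name = strings.TrimSpace(part[:eq])
			}

			if strings.EqualFold(name, SecureCookieAV) {
				isSecure = true

				continue
			}
		}

		parts = append(parts, part)
	}

	return parts, isSecure
}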