Skip to content

Commit

Permalink
Fix cookie date timezone format
Browse files Browse the repository at this point in the history
Cookie timezones now always 'GMT', as specified by RFC2616. This RFC is
obsoleted by RFC6265, which has more permissive datetime parsing, but
in the interests of backward-compatibility, we should adhere to the
older RFC.

Fixes #349.
  • Loading branch information
weavejester committed Mar 8, 2024
1 parent b5ec0e7 commit 16350bc
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 6 deletions.
10 changes: 8 additions & 2 deletions ring-core/src/ring/middleware/cookies.clj
Original file line number Diff line number Diff line change
Expand Up @@ -60,13 +60,19 @@
(try (Class/forName s)
(catch ClassNotFoundException _)))

;; RFC2616 requires a 'GMT' timezone, and while this is obsoleted by RFC6262,
;; which is more permissive in its parsing, in order to be as backward-
;; compatible as possible, we'll use a fixed 'GMT' timezone, which in this
;; case is equivalent to UTC.
(def ^:private datetime-format "EEE, dd MMM yyyy HH:mm:ss 'GMT'")

(when-let [dt (class-by-name "org.joda.time.DateTime")]
(extend dt
CookieDateTime
{:rfc822-format
(eval
'(let [fmtr (.. (org.joda.time.format.DateTimeFormat/forPattern
"EEE, dd MMM yyyy HH:mm:ss Z")
datetime-format)
(withZone org.joda.time.DateTimeZone/UTC)
(withLocale java.util.Locale/US))]
(fn [interval]
Expand All @@ -84,7 +90,7 @@
(.get this ChronoUnit/SECONDS)))

(let [java-rfc822-formatter
(.. (DateTimeFormatter/ofPattern "EEE, dd MMM yyyy HH:mm:ss Z")
(.. (DateTimeFormatter/ofPattern datetime-format)
(withZone (ZoneId/of "UTC"))
(withLocale Locale/US))]
(extend-protocol CookieDateTime
Expand Down
8 changes: 4 additions & 4 deletions ring-core/test/ring/middleware/test/cookies.clj
Original file line number Diff line number Diff line change
Expand Up @@ -205,7 +205,7 @@
:expires (date-time 2015 12 31)}}
handler (constantly {:cookies cookies})
resp ((wrap-cookies handler) {})
expires "Thu, 31 Dec 2015 00:00:00 +0000"]
expires "Thu, 31 Dec 2015 00:00:00 GMT"]
(is (= {"Set-Cookie" #{"a=b" "Path=/" "Secure" "HttpOnly" (str "Expires=" expires)}}
(split-set-cookie (:headers resp))))))

Expand All @@ -215,7 +215,7 @@
:expires (zoned-date-time 2015 12 31)}}
handler (constantly {:cookies cookies})
resp ((wrap-cookies handler) {})
expires "Thu, 31 Dec 2015 00:00:00 +0000"]
expires "Thu, 31 Dec 2015 00:00:00 GMT"]
(is (= {"Set-Cookie" #{"a=b" "Path=/" "Secure" "HttpOnly" (str "Expires=" expires)}}
(split-set-cookie (:headers resp))))))

Expand All @@ -228,7 +228,7 @@
:expires (date-time 2015 12 31)}}
handler (constantly {:cookies cookies})
resp ((wrap-cookies handler) {})
expires "Thu, 31 Dec 2015 00:00:00 +0000"]
expires "Thu, 31 Dec 2015 00:00:00 GMT"]
(is (= {"Set-Cookie" #{"a=b" "Path=/" "Secure" "HttpOnly" (str "Expires=" expires)}}
(split-set-cookie (:headers resp)))))
(finally
Expand All @@ -243,7 +243,7 @@
:expires (zoned-date-time 2015 12 31)}}
handler (constantly {:cookies cookies})
resp ((wrap-cookies handler) {})
expires "Thu, 31 Dec 2015 00:00:00 +0000"]
expires "Thu, 31 Dec 2015 00:00:00 GMT"]
(is (= {"Set-Cookie" #{"a=b" "Path=/" "Secure" "HttpOnly" (str "Expires=" expires)}}
(split-set-cookie (:headers resp)))))
(finally
Expand Down

0 comments on commit 16350bc

Please sign in to comment.