How do I set HttpOnly on the session cookie in Rails 2.1?

Time: 2022-01-22 01:41:15

I notice that Rails 2.2 (currently edge) supports setting HttpOnly on the session cookie.

Is there a way of setting it on a Rails 2.1 application without moving to edge/2.2?

3 solutions

#1


1  

Well it isn't supported, as you note, but you can of course monkey-patch Rails to do what you want. Actually, the difference between directly patching your Rails v. monkey-patching in this case is very little, as either would be removed/reverted when you upgrade to 2.2.

In both cases you would look at that applied diff as a guide for patching 2.1 yourself - either through applying the patch directly (modulo any 2.1/edge differences), or by reopening those classes from your own code post-environment-loading to apply the changes.

#2


1  

I have written a monkey patch to add this support to Rails 2.1, from the patch for Rails 2.2.

I've not tested on anything other than Rails 2.1, and your mileage may vary!

#3


0  

Set the http_only option to true in the cookie's options hash:

cookies['visits'] = { :value => '20', :http_only => true }
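
Whichever approach is used, the response headers show whether the flag is actually emitted. The following Ruby script is an added example, not part of the original answers: it parses Set-Cookie header values and lists the cookies that were set without HttpOnly. The cookie names (including `_myapp_session`) and header values are constructed sample data.

```ruby
# Added example: audit Set-Cookie headers for the HttpOnly attribute.
# All header values and cookie names below are constructed sample data.

SAMPLE_HEADERS = [
  '_myapp_session=abc123; path=/; HttpOnly',
  'visits=20; path=/',
  'prefs=HttpOnly; path=/',               # value contains the word, attribute absent
  'tracker=1; Path=/; httponly; Secure'   # attribute names are case-insensitive
].freeze

# Parse one Set-Cookie header value into its name, value and attributes.
# Returns nil when the header carries no cookie name.
def parse_set_cookie(header)
  parts = header.split(';').map(&:strip).reject(&:empty?)
  return nil if parts.empty?

  name, value = parts.shift.split('=', 2)
  return nil if name.nil? || name.strip.empty?

  attrs = {}
  parts.each do |part|
    key, val = part.split('=', 2)
    # Flag attributes such as HttpOnly and Secure have no value.
    attrs[key.strip.downcase] = val.nil? ? true : val.strip
  end
  { name: name.strip, value: value.to_s, attrs: attrs }
end

# Names of cookies set without HttpOnly. When `required` is given,
# only the cookies named in it are checked (e.g. just the session cookie).
def cookies_missing_httponly(headers, required = nil)
  headers.map { |h| parse_set_cookie(h) }.compact
         .select { |c| required.nil? || required.include?(c[:name]) }
         .reject { |c| c[:attrs].key?('httponly') }
         .map { |c| c[:name] }
         .uniq
end

if __FILE__ == $PROGRAM_NAME
  missing = cookies_missing_httponly(SAMPLE_HEADERS)
  puts "Cookies without HttpOnly: #{missing.join(', ')}"
end
```

Parsing the attributes rather than searching the header for the substring "HttpOnly" avoids a false pass when a cookie's value happens to contain that word.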
