Skip to content
This repository was archived by the owner on Dec 13, 2018. It is now read-only.

Add new CookiePolicy middleware #452

Closed
wants to merge 13 commits into from
Closed

Add new CookiePolicy middleware #452

wants to merge 13 commits into from

Conversation

HaoK
Copy link
Member

@HaoK HaoK commented Sep 16, 2015

Fixes aspnet/HttpAbstractions#42

cc @Tratcher @divega @lodejard @davidfowl @blowdart

Note: one quirk of the new instance based options Use methods . Configure<CookiePolicyOptions> in ConfigureServices will ALWAYS be ignored silently.

HaoK
HaoK reviewed Sep 16, 2015
View reviewed changes
src/Microsoft.AspNet.CookiePolicy/CookiePolicyMiddleware.cs

public Task Invoke(HttpContext context)
{
// REVIEW: Do we need to check if there is a Cookie feature already present like SendFile??
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This piece needs review, is it safe to blindly set the feature?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider wrapping the existing feature (if any) rather than just wrapping context.Response.Cookies. If none, default to a new ResponseCookiesFeature.

@kevinchalet
Copy link
Contributor

Naive question: why submitting this thing here and not in aspnet/HttpAbstractions or aspnet/BasicMiddleware?

@Tratcher
Copy link
Member

@PinpointTownes HttpAbstractions can't have any real middleware due to repo layering. Hosting depends on HttpAbstractions, so HttpAbstractions can't have any web app samples or TestHost tests. BasicMiddleware was considered, it was a toss up between it and Security. I think Security only won because this feature may help make your site more secure.

Tratcher
Tratcher reviewed Sep 16, 2015
View reviewed changes
src/Microsoft.AspNet.CookiePolicy/CookiePolicyMiddleware.cs

if (Policy.OnAppendCookie != null)
{
var context = new AppendCookieContext(Context, options: null, name: key, value: value);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if they want to add options in the callback?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you'd always call the other overload if the callback is set.

@HaoK
Copy link
Member Author

HaoK commented Sep 17, 2015

Updated PR, wrapping Cookies feature now and fixed other feedback

Tratcher
Tratcher reviewed Sep 17, 2015
View reviewed changes
src/Microsoft.AspNet.CookiePolicy/CookiePolicyMiddleware.cs
public CookiesWrapper(HttpContext context, CookiePolicyOptions options)
{
Context = context;
Feature = context.Features.Get<IResponseCookiesFeature>() ?? new ResponseCookiesFeature(context.Features);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be clearer that this was nesting if the Get was in Invoke and passed through.

@Tratcher
Copy link
Member

:shipit:

@HaoK
Copy link
Member Author

HaoK commented Sep 17, 2015

Updated with the test refactoring, I'm thinking this will be how the security tests end up looking too, as its similar already

@Tratcher
Copy link
Member

Nice, :shipit:

@HaoK
Copy link
Member Author

HaoK commented Sep 17, 2015

5cc1fea

@HaoK HaoK closed this Sep 17, 2015
@HaoK HaoK deleted the haok/9-15policy branch September 23, 2015 21:15
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@HaoK @kevinchalet @Tratcher @dnfclas