diff options
author | Eric Wong <normalperson@yhbt.net> | 2010-01-05 17:36:17 -0800 |
---|---|---|
committer | Eric Wong <normalperson@yhbt.net> | 2010-01-05 17:37:50 -0800 |
commit | 52400de1c9e9437b5c9df899f273485f663bb5b5 (patch) | |
tree | 38d9e34e2693a6e4694fd0189f5f3f01356cacde | |
parent | 8da4448c7117759b0fb8ea8e4243e81ea8b26e7c (diff) | |
download | unicorn-52400de1c9e9437b5c9df899f273485f663bb5b5.tar.gz |
The HeaderHash optimizations in Rack 1.1 interact badly with Rails 2.3.5 (and possibly other frameworks/apps) which set multi-value "Set-Cookie" headers without relying on the proper methods provided by Rack::Utils. While this is an issue with Rails not using properly, there may be similar apps that make this mistake and Rack::Lint does not guard against it. Rack-ML-Ref: <20100105235845.GB3377@dcvr.yhbt.net>
-rw-r--r-- | lib/unicorn/http_response.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/unicorn/http_response.rb b/lib/unicorn/http_response.rb index 92d4d6d..96e484b 100644 --- a/lib/unicorn/http_response.rb +++ b/lib/unicorn/http_response.rb @@ -47,7 +47,8 @@ module Unicorn headers.each do |key, value| next if SKIP.include?(key.downcase) if value =~ /\n/ - out.concat(value.split(/\n/).map! { |v| "#{key}: #{v}\r\n" }) + # avoiding blank, key-only cookies with /\n+/ + out.concat(value.split(/\n+/).map! { |v| "#{key}: #{v}\r\n" }) else out << "#{key}: #{value}\r\n" end |