Merge pull request #146 from Obvious/don-add-force-secure-cookies

Add ability to force all cookies to be served with secure
Medium · Mar 20, 2014 · f20cbdf · f20cbdf
2 parents 45c9547 + 5d2d2a7
commit f20cbdf
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 7 deletions.
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "matador",
   "description": "an MVC framework for Node",
-  "version": "1.3.3",
+  "version": "1.3.4",
   "homepage": "https://github.com/Obvious/matador",
   "main": "src/matador.js",
   "authors": [

diff --git a/src/cookie.js b/src/cookie.js
@@ -20,12 +20,16 @@ module.exports = CookieService
 /**
  * @param {Object} req the http request
  * @param {Object} res the http response
+ * @param {boolean} forceSecureCookies if true force all cookies to be secure.
+ *     This is intended to be used to secure an http server running behind an
+ *     https proxy layer.
  * @constructor
  */
-function CookieService(req, res) {
+function CookieService(req, res, forceSecureCookies) {
   this.req = req
   this.res = res
   this.parsedCookies_ = null
+  this.forceSecureCookies = forceSecureCookies
 }
 
 
@@ -49,10 +53,19 @@ CookieService.prototype.get = function (name, opt_default) {
  * @param {Object=} options Optional options object containing some of the
  *    following: expires, path, domain, secure, httpOnly.
  */
-CookieService.prototype.set = function (name, value, options) {
-  if (options && options.secure && !this.res.socket.encrypted) {
-    throw new Error('Can not to set secure cookie on unencrypted socket.')
+CookieService.prototype.set = function (name, value, opt_options) {
+  var options = {}
+
+  if (opt_options) {
+    for (var key in opt_options) {
+        options[key] = opt_options[key];
+    }
   }
+
+  if (this.forceSecureCookies) {
+    options.secure = true
+  }
+
   var cookies = this.res.getHeader('Set-Cookie') || []
   if (typeof cookies === 'string') {
     cookies = [cookies]
@@ -90,7 +103,7 @@ CookieService.prototype.parseCookies_ = function () {
 function Cookie(name, value, options) {
   this.name = name
   this.value = value
-  this.options = options || {}
+  this.options = options
 }
 
 

diff --git a/src/matador.js b/src/matador.js
@@ -134,7 +134,7 @@ var createApp = function (baseDir, configuration) {
       res.header = res.setHeader
 
       // cookie service which allows for setting and retrieval of cookies
-      var cookieService = new CookieService(req, res)
+      var cookieService = new CookieService(req, res, app.get('force_secure_cookies'))
       res.cookie = cookieService.set.bind(cookieService)
 
       // expire a given cookie