From 23cbfda066cdcdf4bb621e0d2cb663e917f887b8 Mon Sep 17 00:00:00 2001
From: John <john@johng.cn>
Date: Wed, 18 Apr 2018 09:02:12 +0800
Subject: [PATCH] =?UTF-8?q?ghttp.Cookie=E5=A2=9E=E5=8A=A0=E5=AF=B9httpOnly?=
 =?UTF-8?q?=E5=B1=9E=E6=80=A7=E7=9A=84=E6=94=AF=E6=8C=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 g/net/ghttp/http_server_cookie.go | 34 ++++++++++++++++++-------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/g/net/ghttp/http_server_cookie.go b/g/net/ghttp/http_server_cookie.go
index f7b16afde..9d1d0db49 100644
--- a/g/net/ghttp/http_server_cookie.go
+++ b/g/net/ghttp/http_server_cookie.go
@@ -29,10 +29,11 @@ type Cookie struct {
 
 // cookie项
 type CookieItem struct {
-    value  string
-    domain string // 有效域名
-    path   string // 有效路径
-    expire int    // 过期时间
+    value    string
+    domain   string // 有效域名
+    path     string // 有效路径
+    expire   int    // 过期时间
+    httpOnly bool
 }
 
 // 获取或者创建一个cookie对象，与传入的请求对应
@@ -57,7 +58,7 @@ func (c *Cookie) init() {
     c.mu.Lock()
     for _, v := range c.request.Cookies() {
         c.data[v.Name] = CookieItem {
-            v.Value, v.Domain, v.Path, v.Expires.Second(),
+            v.Value, v.Domain, v.Path, v.Expires.Second(), v.HttpOnly,
         }
     }
     c.mu.Unlock()
@@ -84,12 +85,16 @@ func (c *Cookie) Set(key, value string) {
 }
 
 // 设置cookie，带详细cookie参数
-func (c *Cookie) SetCookie(key, value, domain, path string, maxage int) {
+func (c *Cookie) SetCookie(key, value, domain, path string, maxAge int, httpOnly ... bool) {
     c.mu.Lock()
-    defer c.mu.Unlock()
-    c.data[key] = CookieItem {
-        value, domain, path, int(gtime.Second()) + maxage,
+    isHttpOnly := false
+    if len(httpOnly) > 0 {
+        isHttpOnly = httpOnly[0]
     }
+    c.data[key] = CookieItem {
+        value, domain, path, int(gtime.Second()) + maxAge, isHttpOnly,
+    }
+    c.mu.Unlock()
 }
 
 // 查询cookie
@@ -127,11 +132,12 @@ func (c *Cookie) Output() {
         http.SetCookie(
             c.response.ResponseWriter,
             &http.Cookie {
-                Name    : k,
-                Value   : v.value,
-                Domain  : v.domain,
-                Path    : v.path,
-                Expires : time.Unix(int64(v.expire), 0),
+                Name     : k,
+                Value    : v.value,
+                Domain   : v.domain,
+                Path     : v.path,
+                Expires  : time.Unix(int64(v.expire), 0),
+                HttpOnly : v.httpOnly,
             },
         )
     }