Fixed a bug in the cookie component where removing a cookie from a subdirectory would not work

lovasoa · lovasoa · commit 6c68d1db2b04 · 2024-06-01T18:17:35.000+02:00
fixes #368 Thanks to @E8y2FqZE for reporting the issue.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,7 @@
  - new `tooltip` property in the button component.
  - New `search_value` property in the shell component.
  - Fixed a display issue in the hero component when the button text is long and the viewport is narrow.
+ - Fixed a bug in the cookie component where removing a cookie from a subdirectory would not work.
 
 ## 0.22.0 (2024-05-29)
  -  **Important Security Fix:** The behavior of `SET $x` has been modified to match `SELECT $x`.
diff --git a/examples/read-and-set-http-cookies/index.sql b/examples/read-and-set-http-cookies/index.sql
@@ -11,4 +11,7 @@ SELECT 'username' as name,
     'try leaving this page and coming back, the value should be saved in a cookie' as description;
 
 select 'text' as component;
-select 'log out' as contents, 'logout.sql' as link;
+select 'log out' as contents, 'logout.sql' as link;
+
+select 'text' as component;
+select 'View the cookie from a subdirectory' as contents, 'subdirectory/read_cookies.sql' as link;
diff --git a/examples/read-and-set-http-cookies/subdirectory/read_cookies.sql b/examples/read-and-set-http-cookies/subdirectory/read_cookies.sql
@@ -0,0 +1,9 @@
+-- Cookies can be specific to a certain path in the website
+-- This page demonstrates that a gobal cookie can be removed from a subdirectory
+select 'cookie' as component, 'username' as name, true as remove, '/' as path;
+
+SELECT 'text' as component;
+SELECT 'The value of your username cookie was: ' ||
+    COALESCE(sqlpage.cookie('username'), 'NULL') ||
+    '. It has now been removed. You can reload this page.' as contents;
+
diff --git a/src/render.rs b/src/render.rs
@@ -114,6 +114,17 @@ impl<'a, W: std::io::Write> HeaderContext<'a, W> {
             .with_context(|| "cookie name must be a string")?;
         let mut cookie = actix_web::cookie::Cookie::named(name);
 
+        let path = obj.get("path").and_then(JsonValue::as_str);
+        if let Some(path) = path {
+            cookie.set_path(path);
+        } else {
+            cookie.set_path("/");
+        }
+        let domain = obj.get("domain").and_then(JsonValue::as_str);
+        if let Some(domain) = domain {
+            cookie.set_domain(domain);
+        }
+
         let remove = obj.get("remove");
         if remove == Some(&json!(true)) || remove == Some(&json!(1)) {
             cookie.make_removal();
@@ -138,16 +149,6 @@ impl<'a, W: std::io::Write> HeaderContext<'a, W> {
         });
         let secure = obj.get("secure");
         cookie.set_secure(secure != Some(&json!(false)) && secure != Some(&json!(0)));
-        let path = obj.get("path").and_then(JsonValue::as_str);
-        if let Some(path) = path {
-            cookie.set_path(path);
-        } else {
-            cookie.set_path("/");
-        }
-        let domain = obj.get("domain").and_then(JsonValue::as_str);
-        if let Some(domain) = domain {
-            cookie.set_domain(domain);
-        }
         let expires = obj.get("expires");
         if let Some(expires) = expires {
             cookie.set_expires(actix_web::cookie::Expiration::DateTime(match expires {
