Skip to content

actix-identity: Documentation of http_only() seems incorrect #211

New issue
New issue
Open
Open
actix-identity: Documentation of http_only() seems incorrect#211
Labels
A-identityProject: actix-identityC-documentationImprovements or additions to documentationgood first issueGood for newcomers
@puzzlepaint

Description

@puzzlepaint
puzzlepaint
opened on Dec 9, 2021

The comment on CookieIdentityPolicy::http_only() says "By default, the HttpOnly attribute is omitted from issued cookies":

actix-extras/actix-identity/src/cookie.rs

Line 259 in 5605178

/// By default, the `HttpOnly` attribute is omitted from issued cookies.

However, it seems to me that the http_only Option defaults to None here in new():

actix-extras/actix-identity/src/cookie.rs

Line 59 in 5605178

http_only: None,

And if the option is None, then the flag is set to true here:

actix-extras/actix-identity/src/cookie.rs

Line 85 in 5605178

cookie.set_http_only(true);

And won't be changed here:

actix-extras/actix-identity/src/cookie.rs

Line 95 in 5605178

if let Some(http_only) = self.http_only {

Unless I am overlooking something, it thus seems to me that the documentation is incorrect and should say that the HttpOnly attribute is set by default (or the behavior should be changed to match the documentation).

Metadata

Metadata

Assignees

No one assigned

    Labels

    A-identityProject: actix-identityC-documentationImprovements or additions to documentationgood first issueGood for newcomers

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions