diff options
| author | Chirayu Krishnappa | 2013-05-10 19:17:56 -0700 |
|---|---|---|
| committer | Chirayu Krishnappa | 2013-05-11 09:28:14 -0700 |
| commit | 3952d35abe334a0e6afd1f6e34a74d984d1e9d24 (patch) | |
| tree | 262d27ddeb64eeac6626aedfd4429790862c7acf /src/ng | |
| parent | bffe6fa8a60d2b42685c56442a02e0881f00d810 (diff) | |
| download | angular.js-3952d35abe334a0e6afd1f6e34a74d984d1e9d24.tar.bz2 | |
fix($browser): should use first value for a cookie.
With this change, $browser.cookies()["foo"] will behave like
docCookies.getItem("foo") where docCookies is defined at
https://developer.mozilla.org/en-US/docs/DOM/document.cookie
This fixes the issue where, if there's a value for the XSRF-TOKEN cookie
value with the path /, then that value is used for all applications in
the domain even if they set path specific values for XSRF-TOKEN.
Closes #2635
Diffstat (limited to 'src/ng')
| -rw-r--r-- | src/ng/browser.js | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/ng/browser.js b/src/ng/browser.js index bda372be..7a32993f 100644 --- a/src/ng/browser.js +++ b/src/ng/browser.js @@ -297,7 +297,13 @@ function Browser(window, document, $log, $sniffer) { cookie = cookieArray[i]; index = cookie.indexOf('='); if (index > 0) { //ignore nameless cookies - lastCookies[unescape(cookie.substring(0, index))] = unescape(cookie.substring(index + 1)); + var name = unescape(cookie.substring(0, index)); + // the first value that is seen for a cookie is the most + // specific one. values for the same cookie name that + // follow are for less specific paths. + if (lastCookies[name] === undefined) { + lastCookies[name] = unescape(cookie.substring(index + 1)); + } } } } |