remove set-cookie headers if page is meant to be cached, bc fastly doesn't cache responses with set-cookie headers

no_cookies.rb

class NoCookies
  def initialize(app)
    @app = app
  end

  def call(env)
    @app.call(env).tap do |_, headers, _|
      if headers['Cache-Control'] =~ /public/ || headers['Surrogate-Control']
        headers.delete 'Set-Cookie'
      end
    end
  end
end

no_cookies_spec.rb

require 'spec_helper'

describe NoCookies do
  include Rack::Test::Methods

  HEADERS = {
      '/public' => {'Cache-Control' => 'max-age=3600, public'},
      '/surrogate' => {'Surrogate-Control' => 'max-age=3600, public'},
      '/private' => {'Cache-Control' => 'max-age=0, private'}
  }

  def app
    Rack::Builder.app {
      use NoCookies
      run ->(env) do
        headers = (HEADERS[env['PATH_INFO']] || {}).reverse_merge('Content-Type' => 'text/plain', 'Set-Cookie' => 'a=b')
        [200, headers, []]
      end
    }
  end

  it 'deletes cookies when cache-control is public' do
    get '/public'
    last_response.header['Set-Cookie'].should_not be_present
  end

  it 'deletes cookies when surrogate-control is present' do
    get '/surrogate'
    last_response.header['Set-Cookie'].should_not be_present
  end

  it 'allows cookies when cache-control is private' do
    get '/private'
    last_response.header['Set-Cookie'].should be_present
  end

  it 'allows cookies when cache-control is absent' do
    get '/'
    last_response.header['Set-Cookie'].should be_present
  end
end