You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by wi...@apache.org on 2020/01/13 19:42:35 UTC

[couchdb-mochiweb] 36/37: add support for SameSite=none in cookies

This is an automated email from the ASF dual-hosted git repository.

willholley pushed a commit to branch upstream
in repository https://gitbox.apache.org/repos/asf/couchdb-mochiweb.git

commit f2b90b9f0b449c391dc328842ff1ee4cfc053d63
Author: Anthony Molinaro <an...@openx.com>
AuthorDate: Fri Jul 12 22:00:34 2019 +0000

    add support for SameSite=none in cookies
---
 src/mochiweb_cookies.erl | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/mochiweb_cookies.erl b/src/mochiweb_cookies.erl
index c7b0fcf..dd28610 100644
--- a/src/mochiweb_cookies.erl
+++ b/src/mochiweb_cookies.erl
@@ -65,7 +65,7 @@ cookie(Key, Value) ->
 %% where Option = {max_age, int_seconds()} | {local_time, {date(), time()}}
 %%                | {domain, string()} | {path, string()}
 %%                | {secure, true | false} | {http_only, true | false}
-%%                | {same_site, lax | strict}
+%%                | {same_site, lax | strict | none}
 %%
 %% @doc Generate a Set-Cookie header field tuple.
 cookie(Key, Value, Options) ->
@@ -130,7 +130,9 @@ cookie(Key, Value, Options) ->
             lax ->
                 "; SameSite=Lax";
             strict ->
-                "; SameSite=Strict"
+                "; SameSite=Strict";
+            none ->
+                "; SameSite=None"
         end,
     CookieParts = [Cookie, ExpiresPart, SecurePart, DomainPart, PathPart,
         HttpOnlyPart, SameSitePart],
@@ -378,6 +380,18 @@ cookie_test() ->
           "Max-Age=86417"},
     C3 = cookie("Customer", "WILE_E_COYOTE",
                 [{max_age, 86417}, {local_time, LocalTime}]),
+
+    % test various values for SameSite
+    %
+    % unset default to nothing
+    C4 = {"Set-Cookie","i=test123; Version=1"},
+    C4 = cookie("i", "test123", []),
+    C5 = {"Set-Cookie","i=test123; Version=1; SameSite=Strict"},
+    C5 = cookie("i", "test123", [ {same_site, strict}]),
+    C6 = {"Set-Cookie","i=test123; Version=1; SameSite=Lax"},
+    C6 = cookie("i", "test123", [ {same_site, lax}]),
+    C7 = {"Set-Cookie","i=test123; Version=1; SameSite=None"},
+    C7 = cookie("i", "test123", [ {same_site, none}]),
     ok.
 
 -endif.