author | Ben Toews <mastahyeti@users.noreply.github.com> | 2016-03-15 09:18:44 -0600 |
---|---|---|
committer | Ben Toews <mastahyeti@users.noreply.github.com> | 2016-03-15 12:58:35 -0600 |
commit | 9e6ebdd34f50ad01014394fa82d0dc5e46fa868a (patch) | |
tree | 20b7b4da2c840e8bd63f690b252fe0f4d5b064b8 | |
parent | 95172a60fe5c2a3850163fc75e0981fe440c064e (diff) | |
download | rack-9e6ebdd34f50ad01014394fa82d0dc5e46fa868a.tar.gz |
first-party cookies are now same-site cookies
remove use of `:first_party` option; pass along provided value; make the syntax more flexible; s/strict/Strict/
-rw-r--r-- | lib/rack/utils.rb | 11 | ||||
-rw-r--r-- | test/spec_response.rb | 22 |
2 files changed, 26 insertions, 7 deletions
diff --git a/lib/rack/utils.rb b/lib/rack/utils.rb
index d541608a..1aee9d34 100644
--- a/lib/rack/utils.rb
+++ b/lib/rack/utils.rb
@@ -248,13 +248,20 @@ module Rack
 rfc2822(value[:expires].clone.gmtime) if value[:expires]
 secure = "; secure" if value[:secure]
 httponly = "; HttpOnly" if (value.key?(:httponly) ? value[:httponly] : value[:http_only])
- first_party = "; First-Party" if value[:first_party]
+ same_site = if value[:same_site]
+ case value[:same_site]
+ when Symbol, String
+ "; SameSite=#{value[:same_site]}"
+ else
+ "; SameSite"
+ end
+ end
 value = value[:value]
 end
 value = [value] unless Array === value
 cookie = "#{escape(key)}=#{value.map { |v| escape v }.join('&')}#{domain}" \
- "#{path}#{max_age}#{expires}#{secure}#{httponly}#{first_party}"
+ "#{path}#{max_age}#{expires}#{secure}#{httponly}#{same_site}"
 case header
 when nil, ''
diff --git a/test/spec_response.rb b/test/spec_response.rb
index f1028826..70d81590 100644
--- a/test/spec_response.rb
+++ b/test/spec_response.rb
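Review bot: In `lib/rack/utils.rb`, the `when Symbol, String` branch interpolates `value[:same_site]` into the header unescaped and unchecked, so any string reaches `Set-Cookie` verbatim: an empty string yields `; SameSite=`, a misspelled mode yields a value browsers do not recognise, and a string containing `;` appends further cookie attributes. The `else` branch also turns every other truthy object into a bare `; SameSite`, leaving enforcement to however the browser treats a valueless attribute. Since this attribute is a CSRF defence, I would map the option through a closed set of accepted values and raise `ArgumentError` on anything else, as sketched below; treating `true` as Strict is my assumption, and the "any truthy value" spec would have to change with it. The enclosing method starts and ends outside the hunk.

```ruby
# … unchanged: secure / httponly flags …
same_site =
  case value[:same_site]
  when nil, false
    nil
  when :lax, :Lax, 'lax', 'Lax'
    '; SameSite=Lax'
  when true, :strict, :Strict, 'strict', 'Strict'
    '; SameSite=Strict'
  else
    raise ArgumentError, "Invalid SameSite value: #{value[:same_site].inspect}"
  end
value = value[:value]
```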
@@ -115,16 +115,28 @@ describe Rack::Response do
 response["Set-Cookie"].must_equal "foo=bar"
 end
- it "can set First-Party cookies" do
+ it "can set SameSite cookies with any truthy value" do
 response = Rack::Response.new
- response.set_cookie "foo", {:value => "bar", :first_party => true}
- response["Set-Cookie"].must_equal "foo=bar; First-Party"
+ response.set_cookie "foo", {:value => "bar", :same_site => Object.new}
+ response["Set-Cookie"].must_equal "foo=bar; SameSite"
+ end
+
+ it "can set SameSite cookies with string value" do
+ response = Rack::Response.new
+ response.set_cookie "foo", {:value => "bar", :same_site => "Lax"}
+ response["Set-Cookie"].must_equal "foo=bar; SameSite=Lax"
+ end
+
+ it "can set SameSite cookies with symbol value" do
+ response = Rack::Response.new
+ response.set_cookie "foo", {:value => "bar", :same_site => :Strict}
+ response["Set-Cookie"].must_equal "foo=bar; SameSite=Strict"
 end
 [ nil, false ].each do |non_truthy|
- it "omits First-Party attribute given a #{non_truthy.inspect} value" do
+ it "omits SameSite attribute given a #{non_truthy.inspect} value" do
 response = Rack::Response.new
- response.set_cookie "foo", {:value => "bar", :first_party => non_truthy}
+ response.set_cookie "foo", {:value => "bar", :same_site => non_truthy}
 response["Set-Cookie"].must_equal "foo=bar"
 end
 end |
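Review bot: The new specs in `test/spec_response.rb` exercise only well-formed values (`"Lax"`, `:Strict`) plus `Object.new`, so nothing pins what `set_cookie` emits for an empty string, a misspelled mode, or a string containing `;`. The `Object.new` case also fixes as intended behaviour that any arbitrary object produces a bare `SameSite` attribute. I would add one spec per malformed input asserting the chosen outcome (rejection or omission of the attribute), starting from `response.set_cookie "foo", {:value => "bar", :same_site => ""}` and the header or error expected for it. The `describe` block starts and ends outside the hunk.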