Cookies: accept setting same_site to none

Chromium and Firefox have both begun using "Lax" as the
default for non-Secure cookies.

1 files changed, 7 insertions, 3 deletions

diff --git a/src/cow_cookie.erl b/src/cow_cookie.erl
index 1f6d41b..226e5bf 100644
--- a/src/cow_cookie.erl
+++ b/src/cow_cookie.erl
@@ -26,7 +26,7 @@
 	path => binary(),
 	secure => true,
 	http_only => true,
-	same_site => strict | lax
+	same_site => strict | lax | none
 }.
 -export_type([cookie_attrs/0]).
 
@@ -35,7 +35,7 @@
 	http_only => boolean(),
 	max_age => non_neg_integer(),
 	path => binary(),
-	same_site => lax | strict,
+	same_site => lax | strict | none,
 	secure => boolean()
 }.
 -export_type([cookie_opts/0]).
@@ -258,7 +258,10 @@ parse_set_cookie_attr(<<"samesite">>, Value) ->
 			{ok, same_site, strict};
 		<<"lax">> ->
 			{ok, same_site, lax};
-		%% Value "none", unknown values and lack of value are equivalent.
+		%% Clients may have different defaults than "None".
+		<<"none">> ->
+			{ok, same_site, none};
+		%% Unknown values and lack of value are equivalent.
 		_ ->
 			ignore
 	end;
@@ -348,6 +351,7 @@ attributes([{secure, false}|Tail]) -> attributes(Tail);
 attributes([{secure, true}|Tail]) -> [<<"; Secure">>|attributes(Tail)];
 attributes([{same_site, lax}|Tail]) -> [<<"; SameSite=Lax">>|attributes(Tail)];
 attributes([{same_site, strict}|Tail]) -> [<<"; SameSite=Strict">>|attributes(Tail)];
+attributes([{same_site, none}|Tail]) -> [<<"; SameSite=None">>|attributes(Tail)];
 %% Skip unknown options.
 attributes([_|Tail]) -> attributes(Tail).