author | ECrownofFire <[email protected]> | 2018-06-15 07:20:25 -0400 |
---|---|---|
committer | Loïc Hoguin <[email protected]> | 2018-09-28 10:08:46 +0200 |
commit | 078f855672fe8ad65d2b25b0a4843c0f5637f32c (patch) | |
tree | a08f384430b963910346f2d7cdce1e0b65669fad /src | |
parent | 106ba84bb04537879d8ce59321a04e0682110b91 (diff) | |
Add support for SameSite cookies
The SameSite cookie attribute has yet to appear in an official RFC, and
until recently was exclusive to Chrome. However, Firefox has recently
implemented it as well, so it seems prudent to support it.
Diffstat (limited to 'src')
-rw-r--r-- | src/cow_cookie.erl | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/cow_cookie.erl b/src/cow_cookie.erl
index d4f4898..b53fa35 100644
--- a/src/cow_cookie.erl
+++ b/src/cow_cookie.erl
@@ -19,7 +19,8 @@
 -type cookie_option() :: {max_age, non_neg_integer()}
 | {domain, binary()} | {path, binary()}
- | {secure, boolean()} | {http_only, boolean()}.
+ | {secure, boolean()} | {http_only, boolean()}
+ | {same_site, lax | strict}.
 -type cookie_opts() :: [cookie_option()].
 -export_type([cookie_opts/0]).
@@ -215,8 +216,13 @@ setcookie(Name, Value, Opts) ->
 {_, false} -> <<>>;
 {_, true} -> <<"; HttpOnly">>
 end,
+ SameSiteBin = case lists:keyfind(same_site, 1, Opts) of
+ false -> <<>>;
+ {_, lax} -> <<"; SameSite=Lax">>;
+ {_, strict} -> <<"; SameSite=Strict">>
+ end,
 [Name, <<"=">>, Value, <<"; Version=1">>,
- MaxAgeBin, DomainBin, PathBin, SecureBin, HttpOnlyBin].
+ MaxAgeBin, DomainBin, PathBin, SecureBin, HttpOnlyBin, SameSiteBin].
 -ifdef(TEST).
 setcookie_test_() ->
@@ -236,6 +242,12 @@ setcookie_test_() ->
 [{secure, false}, {http_only, false}],
 <<"Customer=WILE_E_COYOTE; Version=1">>},
 {<<"Customer">>, <<"WILE_E_COYOTE">>,
+ [{same_site, lax}],
+ <<"Customer=WILE_E_COYOTE; Version=1; SameSite=Lax">>},
+ {<<"Customer">>, <<"WILE_E_COYOTE">>,
+ [{same_site, strict}],
+ <<"Customer=WILE_E_COYOTE; Version=1; SameSite=Strict">>},
+ {<<"Customer">>, <<"WILE_E_COYOTE">>,
 [{path, <<"/acme">>}, {badoption, <<"negatory">>}],
 <<"Customer=WILE_E_COYOTE; Version=1; Path=/acme">>}
 ], |
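Review bot: In the setcookie/3 hunk, the new `case lists:keyfind(same_site, 1, Opts)` has clauses only for `false`, `lax` and `strict`, so any other value (a binary such as `<<"Lax">>`, or an atom the type does not list) exits with a bare `case_clause` while the header is being built. Failing closed is a sensible choice for a security attribute, but nothing in the hunk says it is deliberate or what the option is for. I would add a comment above the case, for example `%% SameSite restricts cross-site sending of the cookie (CSRF defence in depth). No option means no attribute is emitted and the browser default applies; unsupported values crash on purpose.` The body of setcookie/3 starts before this hunk, so how Name and Value are validated is not visible here.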
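Review bot: The two cases added to setcookie_test_/0 exercise `same_site` only on its own, so nothing pins where the attribute lands when it is combined with the other flags it is normally deployed with. I would add one combined case whose expected value follows the order in the new list tail (`HttpOnlyBin, SameSiteBin`): `{<<"Customer">>, <<"WILE_E_COYOTE">>, [{http_only, true}, {same_site, strict}], <<"Customer=WILE_E_COYOTE; Version=1; HttpOnly; SameSite=Strict">>}`. The generator's head and the code that consumes these tuples lie outside the hunk, so I am assuming the new tuple is handled like its neighbours.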