aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorNiklas <[email protected]>2020-08-27 17:24:57 +0200
committerLoïc Hoguin <[email protected]>2020-10-07 13:07:23 +0200
commitbb26112da43feef7fcd34a1647b86aa15e9bbeee (patch)
treefcd65e0195aca8d84c3215ffad5bc901668db085 /src
parent6e6c534753943c9f5ffc7332d7f36116a01dd4e4 (diff)
downloadcowlib-bb26112da43feef7fcd34a1647b86aa15e9bbeee.tar.gz
cowlib-bb26112da43feef7fcd34a1647b86aa15e9bbeee.tar.bz2
cowlib-bb26112da43feef7fcd34a1647b86aa15e9bbeee.zip
Cookies: accept setting same_site to none
Chromium and Firefox have both begun using "Lax" as the default for non-Secure cookies.
Diffstat (limited to 'src')
-rw-r--r--src/cow_cookie.erl10
1 files changed, 7 insertions, 3 deletions
diff --git a/src/cow_cookie.erl b/src/cow_cookie.erl
index 1f6d41b..226e5bf 100644
--- a/src/cow_cookie.erl
+++ b/src/cow_cookie.erl
@@ -26,7 +26,7 @@
path => binary(),
secure => true,
http_only => true,
- same_site => strict | lax
+ same_site => strict | lax | none
}.
-export_type([cookie_attrs/0]).
@@ -35,7 +35,7 @@
http_only => boolean(),
max_age => non_neg_integer(),
path => binary(),
- same_site => lax | strict,
+ same_site => lax | strict | none,
secure => boolean()
}.
-export_type([cookie_opts/0]).
@@ -258,7 +258,10 @@ parse_set_cookie_attr(<<"samesite">>, Value) ->
{ok, same_site, strict};
<<"lax">> ->
{ok, same_site, lax};
- %% Value "none", unknown values and lack of value are equivalent.
+ %% Clients may have different defaults than "None".
+ <<"none">> ->
+ {ok, same_site, none};
+ %% Unknown values and lack of value are equivalent.
_ ->
ignore
end;
@@ -348,6 +351,7 @@ attributes([{secure, false}|Tail]) -> attributes(Tail);
attributes([{secure, true}|Tail]) -> [<<"; Secure">>|attributes(Tail)];
attributes([{same_site, lax}|Tail]) -> [<<"; SameSite=Lax">>|attributes(Tail)];
attributes([{same_site, strict}|Tail]) -> [<<"; SameSite=Strict">>|attributes(Tail)];
+attributes([{same_site, none}|Tail]) -> [<<"; SameSite=None">>|attributes(Tail)];
%% Skip unknown options.
attributes([_|Tail]) -> attributes(Tail).