From 078f855672fe8ad65d2b25b0a4843c0f5637f32c Mon Sep 17 00:00:00 2001 From: ECrownofFire Date: Fri, 15 Jun 2018 07:20:25 -0400 Subject: Add support for SameSite cookies The SameSite cookie attribute has yet to appear in an official RFC, and until recently was exclusive to Chrome. However, Firefox has recently implemented it as well, so it seems prudent to support it. --- src/cow_cookie.erl | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/src/cow_cookie.erl b/src/cow_cookie.erl index d4f4898..b53fa35 100644 --- a/src/cow_cookie.erl +++ b/src/cow_cookie.erl @@ -19,7 +19,8 @@ -type cookie_option() :: {max_age, non_neg_integer()} | {domain, binary()} | {path, binary()} - | {secure, boolean()} | {http_only, boolean()}. + | {secure, boolean()} | {http_only, boolean()} + | {same_site, lax | strict}. -type cookie_opts() :: [cookie_option()]. -export_type([cookie_opts/0]). @@ -215,8 +216,13 @@ setcookie(Name, Value, Opts) -> {_, false} -> <<>>; {_, true} -> <<"; HttpOnly">> end, + SameSiteBin = case lists:keyfind(same_site, 1, Opts) of + false -> <<>>; + {_, lax} -> <<"; SameSite=Lax">>; + {_, strict} -> <<"; SameSite=Strict">> + end, [Name, <<"=">>, Value, <<"; Version=1">>, - MaxAgeBin, DomainBin, PathBin, SecureBin, HttpOnlyBin]. + MaxAgeBin, DomainBin, PathBin, SecureBin, HttpOnlyBin, SameSiteBin]. -ifdef(TEST). setcookie_test_() -> @@ -235,6 +241,12 @@ setcookie_test_() -> {<<"Customer">>, <<"WILE_E_COYOTE">>, [{secure, false}, {http_only, false}], <<"Customer=WILE_E_COYOTE; Version=1">>}, + {<<"Customer">>, <<"WILE_E_COYOTE">>, + [{same_site, lax}], + <<"Customer=WILE_E_COYOTE; Version=1; SameSite=Lax">>}, + {<<"Customer">>, <<"WILE_E_COYOTE">>, + [{same_site, strict}], + <<"Customer=WILE_E_COYOTE; Version=1; SameSite=Strict">>}, {<<"Customer">>, <<"WILE_E_COYOTE">>, [{path, <<"/acme">>}, {badoption, <<"negatory">>}], <<"Customer=WILE_E_COYOTE; Version=1; Path=/acme">>} -- cgit v1.2.3
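Review bot: The new `{same_site, lax | strict}` alternative in `cookie_option()` carries no comment, and because SameSite is not in RFC 6265 (as the commit message itself notes) a reader cannot look its semantics up in the usual place. I would add, above the `-type`, `%% same_site: emits the SameSite attribute from the httpbis rfc6265bis draft; browsers that do not implement it silently ignore it, so treat it as defence-in-depth against CSRF, not a replacement for request tokens.` Only `lax` and `strict` are admitted, so the option can only add the attribute and never name any other value; that matches what the draft defined at the time but is worth stating next to the type. The `-type` declaration is complete within the hunk.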
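Review bot: The two added cases exercise `same_site` on its own, so nothing pins where `SameSite` lands relative to `Secure` and `HttpOnly`, which is the combination a session cookie will actually send. I would add one case with `[{secure, true}, {http_only, true}, {same_site, strict}]` expecting `<<"Customer=WILE_E_COYOTE; Version=1; Secure; HttpOnly; SameSite=Strict">>`, matching the order in which `setcookie/3` concatenates `SecureBin, HttpOnlyBin, SameSiteBin` (assuming `Secure` is rendered as `; Secure` in the same way `; HttpOnly` is, which this hunk does not show). Since an unsupported value such as `{same_site, none}` currently fails with a `case_clause` error in `setcookie/3`, an explicit `?_assertError({case_clause, {same_site, none}}, cow_cookie:setcookie(<<"a">>, <<"b">>, [{same_site, none}]))` would make that rejection deliberate rather than accidental, if the generator's list form allows a non-tuple entry. The `setcookie_test_/0` generator continues outside the hunk.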