From be9e57032f95fe8a2d8403ca792345770cdaa8b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= <essen@ninenines.eu>
Date: Tue, 20 Oct 2020 13:35:19 +0200
Subject: Document the same_site changes

And explain that browsers may be more strict over TCP vs TLS.
---
 Makefile                           |  2 +-
 doc/src/manual/cow_cookie.asciidoc | 12 +++++++++---
 ebin/cowlib.app                    |  2 +-
 src/cow_cookie.erl                 |  2 +-
 4 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/Makefile b/Makefile
index c80b04a..e11e2a9 100644
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,7 @@
 
 PROJECT = cowlib
 PROJECT_DESCRIPTION = Support library for manipulating Web protocols.
-PROJECT_VERSION = 2.9.1
+PROJECT_VERSION = 2.10.0
 
 # Options.
 
diff --git a/doc/src/manual/cow_cookie.asciidoc b/doc/src/manual/cow_cookie.asciidoc
index 257d01e..0bde0ed 100644
--- a/doc/src/manual/cow_cookie.asciidoc
+++ b/doc/src/manual/cow_cookie.asciidoc
@@ -29,7 +29,7 @@ cookie_attrs() :: #{
     path => binary(),
     secure => true,
     http_only => true,
-    same_site => strict | lax
+    same_site => strict | lax | none
 }
 ----
 
@@ -48,7 +48,7 @@ cookie_opts() :: #{
     http_only => boolean(),
     max_age   => non_neg_integer(),
     path      => binary(),
-    same_site => lax | strict,
+    same_site => strict | lax | none,
     secure    => boolean()
 }
 ----
@@ -83,10 +83,14 @@ be sent to the current "directory" of the effective request URI.
 same_site::
 
 Whether the cookie should be sent along with cross-site
-requests. This header is currently non-standard but is in
+requests. This attribute is currently non-standard but is in
 the process of being standardized. Please refer to the
 https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7[RFC 6265 (bis) draft]
 for details.
++
+The default value for this attribute may vary depending on
+user agent and configuration. Browsers are known to be more
+strict over TCP compared to TLS.
 
 secure::
 
@@ -97,6 +101,8 @@ transfer. By default there are no restrictions.
 
 == Changelog
 
+* *2.10*: The `same_site` attribute and option may now be
+          set to `none`.
 * *2.9*: The `cookie_attrs` type was added.
 * *1.0*: Module introduced.
 
diff --git a/ebin/cowlib.app b/ebin/cowlib.app
index 822d11e..5f69423 100644
--- a/ebin/cowlib.app
+++ b/ebin/cowlib.app
@@ -1,6 +1,6 @@
 {application, 'cowlib', [
 	{description, "Support library for manipulating Web protocols."},
-	{vsn, "2.9.1"},
+	{vsn, "2.10.0"},
 	{modules, ['cow_base64url','cow_cookie','cow_date','cow_hpack','cow_http','cow_http2','cow_http2_machine','cow_http_hd','cow_http_struct_hd','cow_http_te','cow_iolists','cow_link','cow_mimetypes','cow_multipart','cow_qs','cow_spdy','cow_sse','cow_uri','cow_uri_template','cow_ws']},
 	{registered, []},
 	{applications, [kernel,stdlib,crypto]},
diff --git a/src/cow_cookie.erl b/src/cow_cookie.erl
index 226e5bf..809ddf2 100644
--- a/src/cow_cookie.erl
+++ b/src/cow_cookie.erl
@@ -35,7 +35,7 @@
 	http_only => boolean(),
 	max_age => non_neg_integer(),
 	path => binary(),
-	same_site => lax | strict | none,
+	same_site => strict | lax | none,
 	secure => boolean()
 }.
 -export_type([cookie_opts/0]).
-- 
cgit v1.2.3