Skip to content

Commit

Permalink
Support "none" in sameSite option
Browse files Browse the repository at this point in the history
closes #109
closes #111
  • Loading branch information
panva authored and dougwilson committed Oct 11, 2019
1 parent 7bc51eb commit fac05de
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 2 deletions.
1 change: 1 addition & 0 deletions HISTORY.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ unreleased

* Fix check for default `secure` option behavior
* Fix `maxAge` option preventing cookie deletion
* Support `"none"` in `sameSite` option
* deps: depd@~2.0.0
- Replace internal `eval` usage with `Function` constructor
- Use instance methods on `process` to check for listeners
Expand Down
4 changes: 2 additions & 2 deletions index.js
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ var fieldContentRegExp = /^[\u0009\u0020-\u007e\u0080-\u00ff]+$/;
* RegExp to match Same-Site cookie attribute value.
*/

var sameSiteRegExp = /^(?:lax|strict)$/i
var SAME_SITE_REGEXP = /^(?:lax|none|strict)$/i

function Cookies(request, response, options) {
if (!(this instanceof Cookies)) return new Cookies(request, response, options)
Expand Down Expand Up @@ -146,7 +146,7 @@ function Cookie(name, value, attrs) {
throw new TypeError('option domain is invalid');
}

if (this.sameSite && this.sameSite !== true && !sameSiteRegExp.test(this.sameSite)) {
if (this.sameSite && this.sameSite !== true && !SAME_SITE_REGEXP.test(this.sameSite)) {
throw new TypeError('option sameSite is invalid')
}
}
Expand Down
7 changes: 7 additions & 0 deletions test/cookie.js
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,13 @@ describe('new Cookie(name, value, [options])', function () {
})
})

describe('when set to "none"', function () {
it('should set "samesite=none" attribute in header', function () {
var cookie = new cookies.Cookie('foo', 'bar', { sameSite: 'none' })
assert.equal(cookie.toHeader(), 'foo=bar; path=/; samesite=none; httponly')
})
})

describe('when set to "strict"', function () {
it('should set "samesite=strict" attribute in header', function () {
var cookie = new cookies.Cookie('foo', 'bar', { sameSite: 'strict' })
Expand Down

0 comments on commit fac05de

Please sign in to comment.