Added experimental support for samesite=none
madmurphy committed Feb 18, 2020
1 parent 363eaf4 commit 356cf24
Showing 8 changed files with 23 additions and 2,417 deletions.
10 changes: 10 additions & 0 deletions ChangeLog.md
@@ -0,0 +1,10 @@
Change Log {#changelog}
=======================


## 1.3.0

Changes:

* Added experimental support for `samesite=none`
* Removed unnecessary `devDependencies`
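Review bot: the 1.3.0 entry understates a behaviour change that the cookies.js hunk on this page introduces: a negative number passed as the samesite value used to omit the attribute entirely and now emits an explicit `samesite=none`, and `undefined`/`null`/`false`/`0` are now documented as "no preference" rather than "no restriction". Callers relying on the old mapping should be told; consider adding a line such as `* Negative samesite values now emit an explicit samesite=none (previously the attribute was omitted)`. A release date for 1.3.0 would also help.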
25 changes: 0 additions & 25 deletions Gruntfile.js

This file was deleted.

7 changes: 4 additions & 3 deletions README.md
@@ -106,9 +106,10 @@ The cookie will be transmitted only over [`secure`](https://developer.mozilla.or
Prevents the browser from sending the cookie along with cross-site requests (see [`samesite`](https://developer.mozilla.org/en-US/docs/Web/API/document/cookie#new-cookie_samesite) flag); possible values are:
1. `"no_restriction"` (case insensitive) or [`undefined`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/undefined). or [`null`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/null) or `false` or `0` or a negative number: the cookie will allow cross-site requests
2. `"lax"` (case insensitive) or `1` or `true`: cookies will only be sent for TOP LEVEL navigation GET requests – this is sufficient for user tracking, but it will prevent many CSRF attacks
3. `"strict"` (case insensitive) or any other value not matching 1. and 2.: the `strict` flag will prevent the cookie from being sent by the browser to the target site in all cross-site browsing context, even when following a regular link
1. `"no_restriction"` (case insensitive) or [`undefined`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/undefined). or [`null`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/null) or `false` or `0`: don't express any preference (in most cases this means that the cookie will allow cross-site requests, but this is likely going to change in the future)
2. `"none"` (case insensitive) or a negative number: the cookie will allow cross-site requests (experimental)
3. `"lax"` (case insensitive) or `1` or `true`: cookies will only be sent for TOP LEVEL navigation GET requests – this is sufficient for user tracking, but it will prevent many CSRF attacks
4. `"strict"` (case insensitive) or any other value not matching the previous cases: the `strict` flag will prevent the cookie from being sent by the browser to the target site in all cross-site browsing context, even when following a regular link
</dd></dl>
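Review bot: item 2 of the new list should state that `samesite=none` is only honoured when the cookie also carries the `secure` flag; Chrome 80 and later (rolling out the same month as this commit) reject a `SameSite=None` cookie that is not `Secure`, so the docs should tell the reader to set the secure parameter together with `"none"`, otherwise the cookie is silently dropped. Also, the stray period in item 1 ("[`undefined`](...). or [`null`]") survives from the old text and could be fixed while touching these lines.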
10 changes: 6 additions & 4 deletions cookies.js
Expand Up @@ -4,7 +4,7 @@
|*|
|*| A complete cookies reader/writer framework with full unicode support.
|*|
|*| Revision #7 - September 13th, 2019
|*| Revision #8 - February 18th, 2020
|*|
|*| https://developer.mozilla.org/en-US/docs/Web/API/document.cookie
|*| https://developer.mozilla.org/User:fusionchess
@@ -36,17 +36,18 @@

case Number:

sExpires = vEnd === Infinity ? "; expires=Fri, 31 Dec 9999 23:59:59 GMT" : "; max-age=" + vEnd;

/*
Note: Despite officially defined in RFC 6265, the use of `max-age` is not compatible with any
version of Internet Explorer, Edge and some mobile browsers. Therefore passing a number to
the end parameter might not work as expected. A possible solution might be to convert the the
relative time to an absolute time. For instance, replacing the following line with:
relative time to an absolute time. For instance you could replace the previous line with:
*/
/*
sExpires = vEnd === Infinity ? "; expires=Fri, 31 Dec 9999 23:59:59 GMT" : "; expires=" + (new Date(vEnd * 1e3 + Date.now())).toUTCString();
*/

sExpires = vEnd === Infinity ? "; expires=Fri, 31 Dec 9999 23:59:59 GMT" : "; max-age=" + vEnd;
break;

case String:
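Review bot: the reworded comment now says "replace the previous line with", but after this hunk the `sExpires` assignment sits below both comment blocks, so "the previous line" points at nothing; say "replace the assignment below with" or move the assignment back above the comment. While rewording, the typo "the the" in "convert the the relative time" is left in place, and "Despite officially defined" should read "Despite being officially defined".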
@@ -63,7 +64,7 @@

}

return encodeURIComponent(sKey) + "=" + encodeURIComponent(sValue) + sExpires + (sDomain ? "; domain=" + sDomain : "") + (sPath ? "; path=" + sPath : "") + (bSecure ? "; secure" : "") + (!vSameSite || vSameSite.toString().toLowerCase() === "no_restriction" || vSameSite < 0 ? "" : vSameSite.toString().toLowerCase() === "lax" || Math.ceil(vSameSite) === 1 || vSameSite === true ? "; samesite=lax" : "; samesite=strict");
return encodeURIComponent(sKey) + "=" + encodeURIComponent(sValue) + sExpires + (sDomain ? "; domain=" + sDomain : "") + (sPath ? "; path=" + sPath : "") + (bSecure ? "; secure" : "") + (!vSameSite || vSameSite.toString().toLowerCase() === "no_restriction" ? "" : vSameSite.toString().toLowerCase() === "lax" || Math.ceil(vSameSite) === 1 || vSameSite === true ? "; samesite=lax" : vSameSite.toString().toLowerCase() === "none" || vSameSite < 0 ? "; samesite=none" : "; samesite=strict");

}

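Review bot: the new `samesite=none` arm emits the attribute without ensuring `; secure` is also present; Chrome 80 and later reject a `SameSite=None` cookie that is not `Secure`, so a call passing `bSecure` as false together with `"none"` or a negative number silently sets nothing there. Either force the secure flag when the resolved value is `none`, e.g. compute `var bNone = vSameSite.toString().toLowerCase() === "none" || vSameSite < 0;` and use `(bSecure || bNone ? "; secure" : "")`, or document the requirement. Note also the behaviour change: `vSameSite < 0` previously fell into the empty branch and now emits `samesite=none`. This ternary chain has grown to four arms on one line; resolving the samesite string into a local before the `return` would make the mapping reviewable.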
@@ -137,3 +138,4 @@ if (typeof module !== "undefined" && typeof module.exports !== "undefined") {
module.exports = docCookies;

}

2 changes: 1 addition & 1 deletion cookies.min.js


33 changes: 0 additions & 33 deletions examples/sample2.html

This file was deleted.
