From 743942f4afa607049caa928440cce4d3c3c77b2e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20Kwa=C5=9Bniak?=
Date: Mon, 27 May 2019 17:55:17 +0200
Subject: [PATCH 1/4] Add SameSite attribute support
---
 addon/utils/serialize-cookie.js | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/addon/utils/serialize-cookie.js b/addon/utils/serialize-cookie.js
index f9dd2f6c..af1a8a11 100644
--- a/addon/utils/serialize-cookie.js
+++ b/addon/utils/serialize-cookie.js
@@ -21,6 +21,9 @@ export const serializeCookie = (name, value, options = {}) => {
 if (!isEmpty(options.path)) {
 cookie = `${cookie}; path=${options.path}`;
 }
+ if (!isEmpty(options.sameSite)) {
+ cookie = `${cookie}; SameSite=${options.sameSite}`;
+ }
 return cookie;
 };
From 5b6af2ca136fd09ecaa3a2a88abc8075d5629830 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20Kwa=C5=9Bniak?=
Date: Thu, 20 Jun 2019 13:19:34 +0200
Subject: [PATCH 2/4] Add test
---
 tests/unit/services/cookies-test.js | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/tests/unit/services/cookies-test.js b/tests/unit/services/cookies-test.js
index d94cc9e5..023c35a6 100644
--- a/tests/unit/services/cookies-test.js
+++ b/tests/unit/services/cookies-test.js
@@ -723,6 +723,15 @@ describe('CookiesService', function() {
 this.subject().write(COOKIE_NAME, 'test', { httpOnly: true });
 }).to.not.throw();
 });
+
+ it('sets the sameSite flag', function() {
+ this.fakeFastBoot.response.headers.append = function(headerName, headerValue) {
+ expect(headerName).to.equal('set-cookie');
+ expect(headerValue).to.equal(`${COOKIE_NAME}=test; SameSite=Strict`);
+ };
+
+ this.subject().write(COOKIE_NAME, 'test', { sameSite: 'Strict' });
+ });
 });
 describe('clearing a cookie', function() {
From 55ab0ece76c1400d3a6c5e1a49f8c941f0a012b6 Mon Sep 17 00:00:00 2001
From: Marco Otte-Witte
Date: Mon, 28 Oct 2019 20:33:49 +0100
Subject: [PATCH 3/4] add browser test
---
 tests/unit/services/cookies-test.js | 10 ++++++++++
 1 file changed, 10 insertions(+)
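Review bot: `options.sameSite` is written into the cookie string unchecked by the added `SameSite=${options.sameSite}` interpolation in `serializeCookie`, so a value containing `;` appends further attributes to the cookie and a misspelled value produces an attribute that browsers do not handle uniformly. I would accept only the three defined values inside the new branch, e.g. `if (!/^(strict|lax|none)$/i.test(options.sameSite)) { throw new Error('sameSite must be Strict, Lax or None'); }`; matching case-insensitively keeps both the `'Strict'` used in the tests and the lowercase spelling documented in the README hunk of [PATCH 4/4] valid. `None` is only honoured by current browsers together with `Secure`, which deserves a comment or a check next to this branch. The function body starts outside the hunk, and the `path` branch visible in the context interpolates its option the same way, so this may be a pre-existing convention of the file rather than something specific to this change.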
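Review bot: Both expectations in the new `it('sets the sameSite flag', …)` sit inside the stubbed `headers.append`, so if `write` never calls `append` the test finishes without running any assertion and still passes; the browser test added in [PATCH 3/4] has the same shape, with its `expect` inside the `cookie` setter. Recording the call and asserting after `write` closes that gap, e.g. `let calls = []; this.fakeFastBoot.response.headers.append = (...args) => calls.push(args);` followed by an `expect(calls)` check for the single expected `set-cookie` pair. Only `'Strict'` is exercised; a case for `'Lax'` and one for an unexpected value would pin down what `serializeCookie` does with them. The enclosing `describe` block starts and ends outside the hunk, so neighbouring tests may already use this stub pattern.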
diff --git a/tests/unit/services/cookies-test.js b/tests/unit/services/cookies-test.js index 023c35a6..c3162748 100644 --- a/tests/unit/services/cookies-test.js +++ b/tests/unit/services/cookies-test.js @@ -328,6 +328,16 @@ describe('CookiesService', function() { this.subject().write(COOKIE_NAME, 'test', { httpOnly: true }); }).to.throw(); }); + + it('sets the sameSite flag', function() { + defineProperty(this.fakeDocument, 'cookie', { + set(value) { + expect(value).to.include('; SameSite=Strict'); + } + }); + + this.subject().write(COOKIE_NAME, 'test', { sameSite: 'Strict' }); + }); }); describe('clearing a cookie', function() { From a8e548564a789ab2259247943576d550fc8ffaad Mon Sep 17 00:00:00 2001 From: Marco Otte-Witte Date: Mon, 28 Oct 2019 20:35:23 +0100 Subject: [PATCH 4/4] add docs --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 299ee078..0ca9a453 100644 --- a/README.md +++ b/README.md @@ -52,8 +52,8 @@ The `cookies` service has methods for reading and writing cookies: URL-decoding the value). * `write(name, value, options = {})`: writes a cookie with the given name and value; options can be used to set `domain`, `expires` (Date), `maxAge` (time - in seconds), `path`, `secure`, and `raw` (boolean, disables URL-encoding the - value). + in seconds), `path`, `secure`, `raw` (boolean, disables URL-encoding the + value) and `sameSite` (can be either `'strict'` or `'lax'`). * `clear(name, options = {})`: clears the cookie so that future reads do not return a value; options can be used to specify `domain`, `path` or `secure`. * `exists(name)`: checks whether a cookie exists at all (even with a falsy