From 63864ecf9e3e6b8dbf883d3030267a525fb50a18 Mon Sep 17 00:00:00 2001
From: Takeru Sato <type.in.type@gmail.com>
Date: Wed, 13 May 2020 01:48:35 +0900
Subject: [PATCH] support parsing of SameSite=None (#1503)

---
 actix-http/CHANGES.md          |  6 ++++++
 actix-http/src/cookie/parse.rs | 35 ++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)

diff --git a/actix-http/CHANGES.md b/actix-http/CHANGES.md
index 92302a666..56cd9e58c 100644
--- a/actix-http/CHANGES.md
+++ b/actix-http/CHANGES.md
@@ -1,5 +1,11 @@
 # Changes
 
+## [Unreleased]
+
+### Fixed
+
+* Support parsing of `SameSite=None` [#1503]
+
 ## [2.0.0-alpha.3] - 2020-05-08
 
 ### Fixed
diff --git a/actix-http/src/cookie/parse.rs b/actix-http/src/cookie/parse.rs
index ce261c758..d472b32b6 100644
--- a/actix-http/src/cookie/parse.rs
+++ b/actix-http/src/cookie/parse.rs
@@ -172,6 +172,8 @@ fn parse_inner<'c>(s: &str, decode: bool) -> Result<Cookie<'c>, ParseError> {
                     cookie.same_site = Some(SameSite::Strict);
                 } else if v.eq_ignore_ascii_case("lax") {
                     cookie.same_site = Some(SameSite::Lax);
+                } else if v.eq_ignore_ascii_case("none") {
+                    cookie.same_site = Some(SameSite::None);
                 } else {
                     // We do nothing here, for now. When/if the `SameSite`
                     // attribute becomes standard, the spec says that we should
@@ -261,6 +263,16 @@ mod tests {
         assert_eq_parse!("foo=bar; SameSite=strict", expected);
         assert_eq_parse!("foo=bar; SameSite=STrICT", expected);
         assert_eq_parse!("foo=bar; SameSite=STRICT", expected);
+
+        let expected = Cookie::build("foo", "bar")
+            .same_site(SameSite::None)
+            .finish();
+
+        assert_eq_parse!("foo=bar; SameSite=None", expected);
+        assert_eq_parse!("foo=bar; SameSITE=None", expected);
+        assert_eq_parse!("foo=bar; SameSite=nOne", expected);
+        assert_eq_parse!("foo=bar; SameSite=NoNE", expected);
+        assert_eq_parse!("foo=bar; SameSite=NONE", expected);
     }
 
     #[test]
@@ -396,6 +408,29 @@ mod tests {
              Domain=foo.com; Expires=Wed, 21 Oct 2015 07:28:00 GMT",
             unexpected
         );
+
+        expected.set_expires(expires);
+        expected.set_same_site(SameSite::Lax);
+        assert_eq_parse!(
+            " foo=bar ;HttpOnly; Secure; Max-Age=4; Path=/foo; \
+             Domain=foo.com; Expires=Wed, 21 Oct 2015 07:28:00 GMT; \
+             SameSite=Lax",
+            expected
+        );
+        expected.set_same_site(SameSite::Strict);
+        assert_eq_parse!(
+            " foo=bar ;HttpOnly; Secure; Max-Age=4; Path=/foo; \
+             Domain=foo.com; Expires=Wed, 21 Oct 2015 07:28:00 GMT; \
+             SameSite=Strict",
+            expected
+        );
+        expected.set_same_site(SameSite::None);
+        assert_eq_parse!(
+            " foo=bar ;HttpOnly; Secure; Max-Age=4; Path=/foo; \
+             Domain=foo.com; Expires=Wed, 21 Oct 2015 07:28:00 GMT; \
+             SameSite=None",
+            expected
+        );
     }
 
     #[test]