1
0
Fork 0
mirror of https://github.com/actix/actix-web.git synced 2024-12-21 07:36:43 +00:00

allow explicit SameSite=None cookies (#1282)

fixes #1035
This commit is contained in:
Rob Ede 2020-01-23 01:08:23 +00:00 committed by Yuki Okushi
parent 2e9ab0625e
commit a3287948d1
4 changed files with 26 additions and 8 deletions

View file

@ -1,3 +1,9 @@
## Unreleased
* Setting a cookie's SameSite property, explicitly, to `SameSite::None` will now
result in `SameSite=None` being sent with the response Set-Cookie header.
To create a cookie without a SameSite attribute, remove any calls setting same_site.
## 2.0.0
* `HttpServer::start()` renamed to `HttpServer::run()`. It also possible to

View file

@ -1,5 +1,11 @@
# Changes
# [Unreleased]
### Fixed
* Allow `SameSite=None` cookies to be sent in a response.
## [1.0.1] - 2019-12-20
### Fixed

View file

@ -10,18 +10,26 @@ use std::fmt;
/// attribute is "Strict", then the cookie is never sent in cross-site requests.
/// If the `SameSite` attribute is "Lax", the cookie is only sent in cross-site
/// requests with "safe" HTTP methods, i.e, `GET`, `HEAD`, `OPTIONS`, `TRACE`.
/// If the `SameSite` attribute is not present (made explicit via the
/// `SameSite::None` variant), then the cookie will be sent as normal.
/// If the `SameSite` attribute is not present then the cookie will be sent as
/// normal. In some browsers, this will implicitly handle the cookie as if "Lax"
/// and in others, "None". It's best to explicitly set the `SameSite` attribute
/// to avoid inconsistent behavior.
///
/// **Note:** Depending on browser, the `Secure` attribute may be required for
/// `SameSite` "None" cookies to be accepted.
///
/// **Note:** This cookie attribute is an HTTP draft! Its meaning and definition
/// are subject to change.
///
/// More info about these draft changes can be found in the draft spec:
/// - https://tools.ietf.org/html/draft-west-cookie-incrementalism-00
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum SameSite {
/// The "Strict" `SameSite` attribute.
Strict,
/// The "Lax" `SameSite` attribute.
Lax,
/// No `SameSite` attribute.
/// The "None" `SameSite` attribute.
None,
}
@ -92,7 +100,7 @@ impl fmt::Display for SameSite {
match *self {
SameSite::Strict => write!(f, "Strict"),
SameSite::Lax => write!(f, "Lax"),
SameSite::None => Ok(()),
SameSite::None => write!(f, "None"),
}
}
}

View file

@ -746,9 +746,7 @@ impl<'c> Cookie<'c> {
}
if let Some(same_site) = self.same_site() {
if !same_site.is_none() {
write!(f, "; SameSite={}", same_site)?;
}
write!(f, "; SameSite={}", same_site)?;
}
if let Some(path) = self.path() {
@ -1037,7 +1035,7 @@ mod tests {
let cookie = Cookie::build("foo", "bar")
.same_site(SameSite::None)
.finish();
assert_eq!(&cookie.to_string(), "foo=bar");
assert_eq!(&cookie.to_string(), "foo=bar; SameSite=None");
}
#[test]