mirror of
https://github.com/actix/actix-web.git
synced 2024-12-21 23:56:35 +00:00
parent
2e9ab0625e
commit
a3287948d1
4 changed files with 26 additions and 8 deletions
|
@ -1,3 +1,9 @@
|
||||||
|
## Unreleased
|
||||||
|
|
||||||
|
* Setting a cookie's SameSite property, explicitly, to `SameSite::None` will now
|
||||||
|
result in `SameSite=None` being sent with the response Set-Cookie header.
|
||||||
|
To create a cookie without a SameSite attribute, remove any calls setting same_site.
|
||||||
|
|
||||||
## 2.0.0
|
## 2.0.0
|
||||||
|
|
||||||
* `HttpServer::start()` renamed to `HttpServer::run()`. It also possible to
|
* `HttpServer::start()` renamed to `HttpServer::run()`. It also possible to
|
||||||
|
|
|
@ -1,5 +1,11 @@
|
||||||
# Changes
|
# Changes
|
||||||
|
|
||||||
|
# [Unreleased]
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
|
||||||
|
* Allow `SameSite=None` cookies to be sent in a response.
|
||||||
|
|
||||||
## [1.0.1] - 2019-12-20
|
## [1.0.1] - 2019-12-20
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
|
@ -10,18 +10,26 @@ use std::fmt;
|
||||||
/// attribute is "Strict", then the cookie is never sent in cross-site requests.
|
/// attribute is "Strict", then the cookie is never sent in cross-site requests.
|
||||||
/// If the `SameSite` attribute is "Lax", the cookie is only sent in cross-site
|
/// If the `SameSite` attribute is "Lax", the cookie is only sent in cross-site
|
||||||
/// requests with "safe" HTTP methods, i.e, `GET`, `HEAD`, `OPTIONS`, `TRACE`.
|
/// requests with "safe" HTTP methods, i.e, `GET`, `HEAD`, `OPTIONS`, `TRACE`.
|
||||||
/// If the `SameSite` attribute is not present (made explicit via the
|
/// If the `SameSite` attribute is not present then the cookie will be sent as
|
||||||
/// `SameSite::None` variant), then the cookie will be sent as normal.
|
/// normal. In some browsers, this will implicitly handle the cookie as if "Lax"
|
||||||
|
/// and in others, "None". It's best to explicitly set the `SameSite` attribute
|
||||||
|
/// to avoid inconsistent behavior.
|
||||||
|
///
|
||||||
|
/// **Note:** Depending on browser, the `Secure` attribute may be required for
|
||||||
|
/// `SameSite` "None" cookies to be accepted.
|
||||||
///
|
///
|
||||||
/// **Note:** This cookie attribute is an HTTP draft! Its meaning and definition
|
/// **Note:** This cookie attribute is an HTTP draft! Its meaning and definition
|
||||||
/// are subject to change.
|
/// are subject to change.
|
||||||
|
///
|
||||||
|
/// More info about these draft changes can be found in the draft spec:
|
||||||
|
/// - https://tools.ietf.org/html/draft-west-cookie-incrementalism-00
|
||||||
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
|
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
|
||||||
pub enum SameSite {
|
pub enum SameSite {
|
||||||
/// The "Strict" `SameSite` attribute.
|
/// The "Strict" `SameSite` attribute.
|
||||||
Strict,
|
Strict,
|
||||||
/// The "Lax" `SameSite` attribute.
|
/// The "Lax" `SameSite` attribute.
|
||||||
Lax,
|
Lax,
|
||||||
/// No `SameSite` attribute.
|
/// The "None" `SameSite` attribute.
|
||||||
None,
|
None,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -92,7 +100,7 @@ impl fmt::Display for SameSite {
|
||||||
match *self {
|
match *self {
|
||||||
SameSite::Strict => write!(f, "Strict"),
|
SameSite::Strict => write!(f, "Strict"),
|
||||||
SameSite::Lax => write!(f, "Lax"),
|
SameSite::Lax => write!(f, "Lax"),
|
||||||
SameSite::None => Ok(()),
|
SameSite::None => write!(f, "None"),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -746,9 +746,7 @@ impl<'c> Cookie<'c> {
|
||||||
}
|
}
|
||||||
|
|
||||||
if let Some(same_site) = self.same_site() {
|
if let Some(same_site) = self.same_site() {
|
||||||
if !same_site.is_none() {
|
write!(f, "; SameSite={}", same_site)?;
|
||||||
write!(f, "; SameSite={}", same_site)?;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if let Some(path) = self.path() {
|
if let Some(path) = self.path() {
|
||||||
|
@ -1037,7 +1035,7 @@ mod tests {
|
||||||
let cookie = Cookie::build("foo", "bar")
|
let cookie = Cookie::build("foo", "bar")
|
||||||
.same_site(SameSite::None)
|
.same_site(SameSite::None)
|
||||||
.finish();
|
.finish();
|
||||||
assert_eq!(&cookie.to_string(), "foo=bar");
|
assert_eq!(&cookie.to_string(), "foo=bar; SameSite=None");
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
|
|
Loading…
Reference in a new issue