Add support for SameSite=X & __Secure- / __Host- prefixes #39

Open
wants to merge 1 commit into
base: master

geoffyoungs

Currently, if a site specifies SameSite=None etc. in the Set-Cookie header, it will be lost when HTTP::Cookie.parse parses it.

This PR adds support for parsing, preserving and restoring (via HTTP::Cookie#set_cookie_value) the SameSite=X attribute.

It also respects the __Secure- and __Host- prefixes and rejects cookies that violate the spec.

Sources:

Currently if a site specifies SameSite=None in the cookie, it will be
lost when HTTP::Cookie.parse parses it.

This PR adds support for parsing, preserving and restoring, via
HTTP::Cookie#set_cookie_value the SameSite=X attribute.

It also respects the __Secure- and __Host- prefixes and rejects cookies
that violate the spec.

Sources:
 - https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#samesite_attribute
 - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#cookie_prefixes
 - https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-prefixes
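
The prefix rules from the sources above, as an added stand-alone example (not code from this PR or from the http-cookie gem): `__Secure-` needs the Secure attribute and a secure origin, and `__Host-` additionally needs `Path=/` and no Domain attribute. The helper names `parse_set_cookie`, `prefix_violations` and `same_site` and the sample headers are hypothetical, and the prefix is matched case-sensitively as a simplifying assumption.

```ruby
require 'uri'

SAMESITE_VALUES = %w[Strict Lax None].freeze

# Split a Set-Cookie header value into name, value and an attribute hash
# (attribute names lowercased; flag attributes such as Secure map to true).
def parse_set_cookie(header)
  pair, *attrs = header.split(';').map(&:strip)
  name, value = pair.split('=', 2)
  attributes = attrs.each_with_object({}) do |attr, h|
    k, v = attr.split('=', 2)
    h[k.downcase] = v.nil? ? true : v
  end
  { name: name, value: value.to_s, attrs: attributes }
end

# List the prefix-rule violations for a cookie received from origin_url.
# An empty list means the cookie may be stored.
def prefix_violations(header, origin_url)
  cookie = parse_set_cookie(header)
  attrs = cookie[:attrs]
  errors = []
  if cookie[:name].start_with?('__Secure-', '__Host-')
    errors << 'Secure attribute missing' unless attrs.key?('secure')
    errors << 'not set from a secure origin' unless URI(origin_url).scheme == 'https'
  end
  if cookie[:name].start_with?('__Host-')
    errors << 'Domain attribute present' if attrs.key?('domain')
    errors << 'Path is not /' unless attrs['path'] == '/'
  end
  errors
end

# SameSite value normalised to Strict/Lax/None; nil when absent or unrecognised.
def same_site(header)
  raw = parse_set_cookie(header)[:attrs]['samesite']
  SAMESITE_VALUES.find { |v| raw.is_a?(String) && v.casecmp?(raw) }
end

# Constructed sample headers (not taken from the PR).
[
  '__Host-sid=abc; Secure; Path=/; SameSite=None',
  '__Host-sid=abc; Secure; Path=/; Domain=example.com',
  '__Secure-pref=1; Path=/app; SameSite=lax'
].each do |h|
  puts "#{h} => #{prefix_violations(h, 'https://example.com/').inspect}, SameSite=#{same_site(h).inspect}"
end
```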