Added support for SameSite=None cookie value, added in revision 3 of …

…rfc6265bis - https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#appendix-A.4 - Indicates that cookie is used as a third party cookie.
rack · Jan 7, 2020 · 0177005 · 0177005
1 parent e7ee459
commit 0177005
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 0 deletions.
diff --git a/lib/rack/utils.rb b/lib/rack/utils.rb
@@ -252,6 +252,8 @@ def add_cookie_to_header(header, key, value)
           case value[:same_site]
           when false, nil
             nil
+          when :none, 'None', :None
+            '; SameSite=None'.freeze
           when :lax, 'Lax', :Lax
             '; SameSite=Lax'.freeze
           when true, :strict, 'Strict', :Strict

diff --git a/test/spec_response.rb b/test/spec_response.rb
@@ -115,6 +115,24 @@
     response["Set-Cookie"].must_equal "foo=bar"
   end
 
+  it "can set SameSite cookies with symbol value :none" do
+    response = Rack::Response.new
+    response.set_cookie "foo", { value: "bar", same_site: :none }
+    response["Set-Cookie"].must_equal "foo=bar; SameSite=None"
+  end
+
+  it "can set SameSite cookies with symbol value :None" do
+    response = Rack::Response.new
+    response.set_cookie "foo", { value: "bar", same_site: :None }
+    response["Set-Cookie"].must_equal "foo=bar; SameSite=None"
+  end
+
+  it "can set SameSite cookies with string value 'None'" do
+    response = Rack::Response.new
+    response.set_cookie "foo", { value: "bar", same_site: "None" }
+    response["Set-Cookie"].must_equal "foo=bar; SameSite=None"
+  end
+
   it "can set SameSite cookies with symbol value :lax" do
     response = Rack::Response.new
     response.set_cookie "foo", {:value => "bar", :same_site => :lax}