From 6e49ab466485e8f9a57c4966f80965b7908aa7b3 Mon Sep 17 00:00:00 2001
From: Vivek R
Date: Fri, 4 Sep 2020 14:36:50 +0530
Subject: [PATCH] feat: add support for SameSite param in cookie
---
 go.mod | 2 ++
 manager.go | 3 +++
 manager_test.go | 2 ++
 session.go | 1 +
 session_test.go | 2 ++
 5 files changed, 10 insertions(+)
diff --git a/go.mod b/go.mod
index 4fb39d9..b25a544 100644
--- a/go.mod
+++ b/go.mod
@@ -5,3 +5,5 @@ require (
 github.com/pmezard/go-difflib v1.0.0 // indirect
 github.com/stretchr/testify v1.2.2
 )
+
+go 1.13
diff --git a/manager.go b/manager.go
index 576150f..e46cd51 100644
--- a/manager.go
+++ b/manager.go
@@ -53,6 +53,9 @@ type Options struct {
 // CookieLifeTime sets expiry time for cookie.
 // If expiry time is not specified then cookie is set as session cookie which is cleared on browser close.
 CookieLifetime time.Duration
+
+ // SameSite sets allows you to declare if your cookie should be restricted to a first-party or same-site context.
+ SameSite http.SameSite
 }
 // New creates a new session manager for given options.
diff --git a/manager_test.go b/manager_test.go
index 4348671..2ba4d7b 100644
--- a/manager_test.go
+++ b/manager_test.go
@@ -27,6 +27,7 @@ func TestManagerNewManagerWithOptions(t *testing.T) {
 CookiePath: "/abc/123",
 IsSecureCookie: true,
 IsHTTPOnlyCookie: true,
+ SameSite: http.SameSiteLaxMode,
 CookieLifetime: 2000 * time.Millisecond,
 }
@@ -40,6 +41,7 @@ func TestManagerNewManagerWithOptions(t *testing.T) {
 assert.Equal(m.opts.CookieDomain, opts.CookieDomain)
 assert.Equal(m.opts.CookiePath, opts.CookiePath)
 assert.Equal(m.opts.IsSecureCookie, opts.IsSecureCookie)
+ assert.Equal(m.opts.SameSite, opts.SameSite)
 assert.Equal(m.opts.IsHTTPOnlyCookie, opts.IsHTTPOnlyCookie)
 assert.Equal(m.opts.CookieLifetime, opts.CookieLifetime)
 }
diff --git a/session.go b/session.go
index 3db15e0..669789d 100644
--- a/session.go
+++ b/session.go
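Review bot: The doc comment on the new `SameSite` field of `Options` in manager.go does not say what an unset field means, and "sets allows" is a typo. The zero value of `http.SameSite` is none of the named modes, so an `Options` that leaves the field out sends no SameSite attribute and the browser's own default decides; anyone relying on this option as a CSRF mitigation should be told that. Suggested wording: `// SameSite declares whether the cookie is restricted to a first-party or same-site context.` followed by `// The zero value omits the attribute; http.SameSiteNoneMode is only honoured by browsers when IsSecureCookie is true.` The `Options` struct begins outside the hunk.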
@@ -140,6 +140,7 @@ func (s *Session) WriteCookie(cv string) error {
 Path: s.manager.opts.CookiePath,
 Secure: s.manager.opts.IsSecureCookie,
 HttpOnly: s.manager.opts.IsHTTPOnlyCookie,
+ SameSite: s.manager.opts.SameSite,
 }
 // Set cookie expiry
diff --git a/session_test.go b/session_test.go
index a6b44d9..903604f 100644
--- a/session_test.go
+++ b/session_test.go
@@ -323,6 +323,7 @@ func TestSessionWriteCookie(t *testing.T) {
 IsHTTPOnlyCookie: true,
 IsSecureCookie: true,
 DisableAutoSet: true,
+ SameSite: http.SameSiteDefaultMode,
 }
 mockStore.isValid = true
@@ -335,6 +336,7 @@ func TestSessionWriteCookie(t *testing.T) {
 assert.Equal(sess.cookie.Domain, mockManager.opts.CookieDomain)
 assert.Equal(sess.cookie.Path, mockManager.opts.CookiePath)
 assert.Equal(sess.cookie.Secure, mockManager.opts.IsSecureCookie)
+ assert.Equal(sess.cookie.SameSite, mockManager.opts.SameSite)
 assert.Equal(sess.cookie.HttpOnly, mockManager.opts.IsHTTPOnlyCookie)
 // Ignore seconds
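Review bot: In `WriteCookie` (session.go) the added `SameSite: s.manager.opts.SameSite` is copied into the cookie without being checked against the `Secure` setting on the line above it. Current browsers reject a `SameSite=None` cookie that lacks the Secure attribute, so `SameSite: http.SameSiteNoneMode` combined with `IsSecureCookie: false` would produce a session cookie that is silently dropped by the client. Consider rejecting that combination, here or once in `New`, for example `if s.manager.opts.SameSite == http.SameSiteNoneMode && !s.manager.opts.IsSecureCookie { return errors.New("SameSite=None requires a secure cookie") }`. Whether `errors` is already imported in session.go is not visible, and the body of `WriteCookie` starts and ends outside the hunk.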