Make the cookie library set the SamSite cookie value to strict by default. If...

Make the cookie library set the SamSite cookie value to strict by default. If callers want to set it to something else, they can pass it through the opts object like they can 'exprires'. Also added a test file for jar.js so I could test the set method. The other methods remain untested.

Make the cookie library set the SamSite cookie value to strict by default. If...
Make the cookie library set the SamSite cookie value to strict by default. If callers want to set it to something else, they can pass it through the opts object like they can 'exprires'. Also added a test file for jar.js so I could test the set method. The other methods remain untested.
10a4e92d · picklesrus · c8aa7250 · 10a4e92d · 10a4e92d
Commit 10a4e92d authored Jul 20, 2020 by picklesrus
Hide whitespace changes
Inline Side-by-side

Showing with 55 additions and 1 deletion

src/lib/jar.js src/lib/jar.js +2 -1

test/unit/lib/jar.test.js test/unit/lib/jar.test.js +53 -0

No files found.
--- a/src/lib/jar.js
+++ b/src/lib/jar.js
@@ -78,7 +78,8 @@ const Jar = {
    set: (name, value, opts) => {
        opts = opts || {};
        defaults(opts, {
-            expires: new Date(new Date().setYear(new Date().getFullYear() + 1))
+            expires: new Date(new Date().setYear(new Date().getFullYear() + 1)),
+            SameSite: 'Strict'
        });
        opts.path = '/';
        const obj = cookie.serialize(name, value, opts);

--- a/test/unit/lib/jar.test.js
+++ b/test/unit/lib/jar.test.js
+const jar = require('../../../src/lib/jar');
+const cookie = require('cookie');
+jest.mock('cookie', () => ({serialize: jest.fn()}));
+describe('unit test lib/jar.js', () => {
+    test('simple set test with no opts', () => {
+        jar.set('name', 'value');
+        expect(cookie.serialize).toHaveBeenCalled();
+        expect(cookie.serialize).toHaveBeenCalledWith('name', 'value',
+            expect.objectContaining({
+                path: '/',
+                SameSite: 'Strict',
+                expires: expect.anything() // not specifically matching the date because it is hard to mock
+            }));
+    });
+    test('test with opts', () => {
+        jar.set('a', 'b', {option: 'one'});
+        expect(cookie.serialize).toHaveBeenCalled();
+        expect(cookie.serialize).toHaveBeenCalledWith('a', 'b',
+            expect.objectContaining({
+                option: 'one',
+                path: '/',
+                SameSite: 'Strict',
+                expires: expect.anything() // not specifically matching the date because it is hard to mock
+            }));
+    });
+    test('expires opts overrides default', () => {
+        jar.set('a', 'b', {
+            option: 'one',
+            expires: 'someday'
+        });
+        expect(cookie.serialize).toHaveBeenCalled();
+        expect(cookie.serialize).toHaveBeenCalledWith('a', 'b',
+            expect.objectContaining({
+                option: 'one',
+                path: '/',
+                expires: 'someday'
+            }));
+    });
+    test('SameSite opts overrides default', () => {
+        jar.set('a', 'b', {
+            option: 'one',
+            SameSite: 'override'
+        });
+        expect(cookie.serialize).toHaveBeenCalled();
+        expect(cookie.serialize).toHaveBeenCalledWith('a', 'b',
+            expect.objectContaining({
+                option: 'one',
+                SameSite: 'override'
+            }));
+    });
+});