Unverified Commit 97f31016 authored by picklesrus's avatar picklesrus Committed by GitHub

Merge pull request #4281 from picklesrus/lax-cookies

Make the cookie library set the SameSite cookie value to Lax by default
parents 83a5401b 6078c365
...@@ -78,7 +78,8 @@ const Jar = { ...@@ -78,7 +78,8 @@ const Jar = {
set: (name, value, opts) => { set: (name, value, opts) => {
opts = opts || {}; opts = opts || {};
defaults(opts, { defaults(opts, {
expires: new Date(new Date().setYear(new Date().getFullYear() + 1)) expires: new Date(new Date().setYear(new Date().getFullYear() + 1)),
sameSite: 'Lax' // cookie library requires this capitialization of sameSite
}); });
opts.path = '/'; opts.path = '/';
const obj = cookie.serialize(name, value, opts); const obj = cookie.serialize(name, value, opts);
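Review bot: The new `sameSite: 'Lax'` entry in the `defaults(opts, {...})` call only fills the key when the caller left it out, so a caller-supplied `sameSite` still reaches `cookie.serialize` unchecked, and nothing in the visible lines sets `secure`. Browsers expect `Secure` alongside `SameSite=None`, so a caller that opts into `'None'` through this path would get a cookie that is rejected or weaker than intended. A why-comment above the default would help, e.g. `// CSRF hardening default; callers that override sameSite with 'None' must also pass secure: true`. The trailing comment is ambiguous about whether the required capitalisation is that of the `sameSite` key or the `'Lax'` value, and it misspells "capitalization"; it should name which one is meant. The body of `set` continues past the end of this hunk.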
......
const jar = require('../../../src/lib/jar');
const cookie = require('cookie');
jest.mock('cookie', () => ({serialize: jest.fn()}));
describe('unit test lib/jar.js', () => {
test('simple set test with no opts', () => {
jar.set('name', 'value');
expect(cookie.serialize).toHaveBeenCalled();
expect(cookie.serialize).toHaveBeenCalledWith('name', 'value',
expect.objectContaining({
path: '/',
sameSite: 'Lax',
expires: expect.anything() // not specifically matching the date because it is hard to mock
}));
});
test('test with opts', () => {
jar.set('a', 'b', {option: 'one'});
expect(cookie.serialize).toHaveBeenCalled();
expect(cookie.serialize).toHaveBeenCalledWith('a', 'b',
expect.objectContaining({
option: 'one',
path: '/',
sameSite: 'Lax',
expires: expect.anything() // not specifically matching the date because it is hard to mock
}));
});
test('expires opts overrides default', () => {
jar.set('a', 'b', {
option: 'one',
expires: 'someday'
});
expect(cookie.serialize).toHaveBeenCalled();
expect(cookie.serialize).toHaveBeenCalledWith('a', 'b',
expect.objectContaining({
option: 'one',
path: '/',
expires: 'someday'
}));
});
test('sameSite opts overrides default', () => {
jar.set('a', 'b', {
option: 'one',
sameSite: 'override'
});
expect(cookie.serialize).toHaveBeenCalled();
expect(cookie.serialize).toHaveBeenCalledWith('a', 'b',
expect.objectContaining({
option: 'one',
sameSite: 'override'
}));
});
});
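Review bot: The 'sameSite opts overrides default' test passes `sameSite: 'override'`, which is not a real SameSite value, and it only passes because `cookie.serialize` is replaced by a bare `jest.fn()`. As far as I know the real library rejects unrecognised `sameSite` strings, so the test pins behaviour that production code could not have; `sameSite: 'Strict'` would exercise the same override path with a valid value. The mock is also never cleared between tests, so every `toHaveBeenCalled()` after the first test is trivially true and `toHaveBeenCalledWith` can match a call left over from an earlier test. Adding `beforeEach(() => cookie.serialize.mockClear());` inside the `describe` would fix that, or the assertions could use `toHaveBeenLastCalledWith`. The 'expires opts overrides default' case could also assert `sameSite: 'Lax'`, so that the security default is checked whenever the caller supplies other options.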