docs: Updating context.md with the latest cookies opts (#1433)

koajs · Apr 10, 2020 · 7deedb2 · 7deedb2
1 parent 3e97a10
commit 7deedb2
Showing 1 changed file with 9 additions and 8 deletions.
diff --git a/docs/api/context.md b/docs/api/context.md
@@ -78,14 +78,15 @@ Koa uses the [cookies](https://github.com/pillarjs/cookies) module where options
 
   Set cookie `name` to `value` with `options`:
 
- - `maxAge` a number representing the milliseconds from Date.now() for expiry
- - `signed` sign the cookie value
- - `expires` a `Date` for cookie expiration
- - `path` cookie path, `'/'` by default
- - `domain` cookie domain
- - `secure` secure cookie
- - `httpOnly` server-accessible cookie, __true__ by default
- - `overwrite` a boolean indicating whether to overwrite previously set cookies of the same name (__false__ by default). If this is true, all cookies set during the same request with the same name (regardless of path or domain) are filtered out of the Set-Cookie header when setting this cookie.
+* `maxAge`: a number representing the milliseconds from `Date.now()` for expiry.
+* `expires`: a `Date` object indicating the cookie's expiration date (expires at the end of session by default).
+* `path`: a string indicating the path of the cookie (`/` by default).
+* `domain`: a string indicating the domain of the cookie (no default).
+* `secure`: a boolean indicating whether the cookie is only to be sent over HTTPS (`false` by default for HTTP, `true` by default for HTTPS). [Read more about this option](https://github.com/pillarjs/cookies#secure-cookies).
+* `httpOnly`: a boolean indicating whether the cookie is only to be sent over HTTP(S), and not made available to client JavaScript (`true` by default).
+* `sameSite`: a boolean or string indicating whether the cookie is a "same site" cookie (`false` by default). This can be set to `'strict'`, `'lax'`, `'none'`, or `true` (which maps to `'strict'`).
+* `signed`: a boolean indicating whether the cookie is to be signed (`false` by default). If this is true, another cookie of the same name with the `.sig` suffix appended will also be sent, with a 27-byte url-safe base64 SHA1 value representing the hash of _cookie-name_=_cookie-value_ against the first [Keygrip](https://www.npmjs.com/package/keygrip) key. This signature key is used to detect tampering the next time a cookie is received.
+* `overwrite`: a boolean indicating whether to overwrite previously set cookies of the same name (`false` by default). If this is true, all cookies set during the same request with the same name (regardless of path or domain) are filtered out of the Set-Cookie header when setting this cookie.
 
 Koa uses the [cookies](https://github.com/pillarjs/cookies) module where options are simply passed.