From 7deedb235274223f1b9da46dee296545b23598de Mon Sep 17 00:00:00 2001 From: Brad Ito Date: Fri, 10 Apr 2020 03:59:33 -0500 Subject: [PATCH] docs: Updating context.md with the latest cookies opts (#1433) --- docs/api/context.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/docs/api/context.md b/docs/api/context.md index 30b5226c4..bf3a2dd03 100644 --- a/docs/api/context.md +++ b/docs/api/context.md @@ -78,14 +78,15 @@ Koa uses the [cookies](https://github.com/pillarjs/cookies) module where options Set cookie `name` to `value` with `options`: - - `maxAge` a number representing the milliseconds from Date.now() for expiry - - `signed` sign the cookie value - - `expires` a `Date` for cookie expiration - - `path` cookie path, `'/'` by default - - `domain` cookie domain - - `secure` secure cookie - - `httpOnly` server-accessible cookie, __true__ by default - - `overwrite` a boolean indicating whether to overwrite previously set cookies of the same name (__false__ by default). If this is true, all cookies set during the same request with the same name (regardless of path or domain) are filtered out of the Set-Cookie header when setting this cookie. +* `maxAge`: a number representing the milliseconds from `Date.now()` for expiry. +* `expires`: a `Date` object indicating the cookie's expiration date (expires at the end of session by default). +* `path`: a string indicating the path of the cookie (`/` by default). +* `domain`: a string indicating the domain of the cookie (no default). +* `secure`: a boolean indicating whether the cookie is only to be sent over HTTPS (`false` by default for HTTP, `true` by default for HTTPS). [Read more about this option](https://github.com/pillarjs/cookies#secure-cookies). +* `httpOnly`: a boolean indicating whether the cookie is only to be sent over HTTP(S), and not made available to client JavaScript (`true` by default). +* `sameSite`: a boolean or string indicating whether the cookie is a "same site" cookie (`false` by default). This can be set to `'strict'`, `'lax'`, `'none'`, or `true` (which maps to `'strict'`). +* `signed`: a boolean indicating whether the cookie is to be signed (`false` by default). If this is true, another cookie of the same name with the `.sig` suffix appended will also be sent, with a 27-byte url-safe base64 SHA1 value representing the hash of _cookie-name_=_cookie-value_ against the first [Keygrip](https://www.npmjs.com/package/keygrip) key. This signature key is used to detect tampering the next time a cookie is received. +* `overwrite`: a boolean indicating whether to overwrite previously set cookies of the same name (`false` by default). If this is true, all cookies set during the same request with the same name (regardless of path or domain) are filtered out of the Set-Cookie header when setting this cookie. Koa uses the [cookies](https://github.com/pillarjs/cookies) module where options are simply passed.