Add SameSite cookie attribute support

Adds SameSite support: mainmatter/ember-cookies#269
Exelord · May 27, 2019 · 3cdf181 · 3cdf181
1 parent 7a4e164
commit 3cdf181
Showing 1 changed file with 18 additions and 1 deletion.
diff --git a/addon/session-stores/cookie.js b/addon/session-stores/cookie.js
@@ -83,6 +83,22 @@ export default BaseStore.extend({
   */
   _cookieDomain: null,
   cookieDomain: persistingProperty(),
+
+  /**
+    Allows servers to assert that a cookie ought not to be sent along with cross-site requests,
+    which provides some protection against cross-site request forgery attacks (CSRF).
+    
+    Available options:
+    - "Strict"
+    - "Lax"
+
+    @property sameSite
+    @type String
+    @default null
+    @public
+  */
+  _sameSite: null,
+  sameSite: persistingProperty(),
 
   /**
     The name of the cookie.
@@ -237,7 +253,8 @@ export default BaseStore.extend({
       domain: this.get('cookieDomain'),
       expires: isEmpty(expiration) ? null : new Date(expiration),
       path: this.get('cookiePath'),
-      secure: this.get('_secureCookies')
+      secure: this.get('_secureCookies'),
+      sameSite: this.get('sameSite')
     };
     if (this._oldCookieName) {
       A([this._oldCookieName, `${this._oldCookieName}-expiration_time`]).forEach((oldCookie) => {