Add SameSite Cookie attribute

See jakartaee#175 Signed-off-by: Adam Klinkosz <spyro@o2.pl>
cleankod · Apr 14, 2020 · 04aab7f · 04aab7f
1 parent 5f4d951
commit 04aab7f
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 0 deletions.
diff --git a/api/src/main/java/javax/servlet/SessionCookieConfig.java b/api/src/main/java/javax/servlet/SessionCookieConfig.java
@@ -17,6 +17,8 @@
 
 package javax.servlet;
 
+import javax.servlet.http.Cookie;
+
 /**
  * Class that may be used to configure various properties of cookies used for session tracking purposes.
  *
@@ -236,4 +238,24 @@ public interface SessionCookieConfig {
      * @see javax.servlet.http.Cookie#getMaxAge
      */
     public int getMaxAge();
+
+    /**
+     * Returns the <i>SameSite</i> attribute of the cookie.
+     *
+     * @see javax.servlet.http.Cookie.SameSite
+     * @see javax.servlet.http.Cookie#getSameSite()
+     *
+     * @return the <i>SameSite</i> attribute of the cookie
+     */
+    public Cookie.SameSite getSameSite();
+
+    /**
+     * Sets the <i>SameSite</i> attribute of the cookie.
+     *
+     * @see javax.servlet.http.Cookie.SameSite
+     * @see javax.servlet.http.Cookie#setSameSite
+     *
+     * @param sameSite the <i>SameSite</i> attribute of the cookie
+     */
+    public void setSameSite(final Cookie.SameSite sameSite);
 }
diff --git a/api/src/main/java/javax/servlet/http/Cookie.java b/api/src/main/java/javax/servlet/http/Cookie.java
@@ -92,6 +92,7 @@ public class Cookie implements Cloneable, Serializable {
     private boolean secure; // ;Secure ... e.g. use SSL
     private int version = 0; // ;Version=1 ... means RFC 2109++ style
     private boolean isHttpOnly = false;
+    private SameSite sameSite;
 
     /**
      * Constructs a cookie with the specified name and value.
@@ -422,4 +423,59 @@ public void setHttpOnly(boolean isHttpOnly) {
     public boolean isHttpOnly() {
         return isHttpOnly;
     }
+
+    /**
+     * Returns the <i>SameSite</i> attribute of the cookie.
+     *
+     * @return the <i>SameSite</i> attribute of the cookie
+     */
+    public SameSite getSameSite() {
+        return sameSite;
+    }
+
+    /**
+     * Sets the <i>SameSite</i> attribute of the cookie.
+     *
+     * @param sameSite the <i>SameSite</i> attribute of the cookie
+     */
+    public void setSameSite(SameSite sameSite) {
+        this.sameSite = sameSite;
+    }
+
+    /**
+     * Available SameSite directives for the cookie as described in RFC6265bis.
+     */
+    public enum SameSite {
+
+        /**
+         * The cookie will only be sent if the site for the cookie matches the current
+         * site URL. The cookie will not be sent along with requests initiated by
+         * third party websites.
+         */
+        STRICT("Strict"),
+
+        /**
+         * The cookie will only be sent if the site for the cookie matches the current
+         * site URL. The cookie will be sent along with the GET request initiated by
+         * third party website.
+         */
+        LAX("Lax"),
+
+        /**
+         * The cookie will be sent cross-origin. This directive requires the Secure
+         * attribute.
+         */
+        NONE("None");
+
+        private final String value;
+
+        SameSite(final String value) {
+            this.value = value;
+        }
+
+        @Override
+        public String toString() {
+            return this.value;
+        }
+    }
 }