Add isSameSite to schema #142

Merged
merged 3 commits into from Feb 17, 2017
@@ -29,6 +29,7 @@ The `'cookie`' scheme takes the following required options:
expired in the response and cleared. Defaults to `false`.
- `keepAlive` - if `true`, automatically sets the session cookie after validation to extend the
current session for a new `ttl` duration. Defaults to `false`.
- `isSameSite` - if `false` omitted. Other options `Strict` or `Lax`. Defaults to `Strict`.
- `isSecure` - if `false`, the cookie is allowed to be transmitted over insecure connections which
exposes it to attacks. Defaults to `true`.
- `isHttpOnly` - if `false`, the cookie will not include the 'HttpOnly' flag. Defaults to `true`.
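Review bot: the new `isSameSite` bullet in the README reads awkwardly ("if `false` omitted. Other options `Strict` or `Lax`.") and, unlike its neighbours, does not say what the option controls. Suggest wording it in the same shape as the other entries, e.g. "`isSameSite` - sets the cookie's `SameSite` attribute to `'Strict'` or `'Lax'`; if `false`, the attribute is omitted. Defaults to `'Strict'`.", and adding a short clause that the attribute stops the browser sending the session cookie on cross-site requests, so readers can choose between the two values.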
@@ -30,6 +30,7 @@ internals.schema = Joi.object({
path: Joi.string().default('/'),
clearInvalid: Joi.boolean().default(false),
keepAlive: Joi.boolean().default(false),
isSameSite: Joi.valid('Strict', 'Lax').allow(false).default('Strict'),
isSecure: Joi.boolean().default(true),
isHttpOnly: Joi.boolean().default(true),
redirectTo: Joi.string().allow(false),
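Review bot: `Joi.valid('Strict', 'Lax').allow(false)` is an exact, case-sensitive match, so a configuration of `'strict'` or `'lax'` will fail schema validation at plugin registration rather than being normalised; that is acceptable, but the README bullet should state that the values are case-sensitive so the startup error is not a surprise. The `.default('Strict')` is consistent with the documented default and is the safer choice for a session cookie.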
@@ -51,6 +52,7 @@ internals.implementation = function (server, options) {
password: settings.password,
isSecure: settings.isSecure, // Defaults to true
path: settings.path,
isSameSite: settings.isSameSite,
isHttpOnly: settings.isHttpOnly, // Defaults to true
clearInvalid: settings.clearInvalid,
ignoreErrors: true
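Review bot: the surrounding options carry inline `// Defaults to true` comments; for consistency the new line should read `isSameSite: settings.isSameSite, // Defaults to 'Strict'`. Since the value (including `false`) is passed straight through to the cookie state options, the plugin relies on the underlying hapi version treating `false` as "omit the attribute"; that behaviour should be covered by a test rather than assumed.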
@@ -24,7 +24,7 @@
},
"devDependencies": {
"code": "2.x.x",
"hapi": "13.x.x",
"hapi": "15.x.x",
"lab": "10.x.x"
},
"scripts": {
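Review bot: `hapi` is bumped from `13.x.x` to `15.x.x` only in `devDependencies`, so the test suite runs against hapi 15 but nothing tells users that `isSameSite` needs it. If the option is only accepted by the cookie state schema from hapi 15 onwards, the `peerDependencies` entry (not shown in this hunk) and the README should state that minimum version; otherwise anyone upgrading this plugin on an older hapi will hit a state-option validation error at startup.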
@@ -318,7 +318,7 @@ describe('scheme', () => {

expect(res2.statusCode).to.equal(200);
expect(res2.result).to.equal('logged-out');
expect(res2.headers['set-cookie'][0]).to.equal('special=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; HttpOnly; Domain=example.com; Path=/');
expect(res2.headers['set-cookie'][0]).to.equal('special=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; HttpOnly; SameSite=Strict; Domain=example.com; Path=/');
done();
});
/* eslint-enable hapi/no-shadow-relaxed */
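Review bot: all three updated assertions (this hunk and the two that follow) only verify the default `SameSite=Strict` in the `set-cookie` header; there is no test for `isSameSite: false` (attribute omitted) or `isSameSite: 'Lax'`, so the `.allow(false)` branch in the schema and the "if `false` omitted" behaviour documented in the README are untested. Suggest adding a server configured with each value and asserting that the emitted header contains `SameSite=Lax` or no `SameSite` attribute respectively.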
@@ -380,7 +380,7 @@ describe('scheme', () => {
/* eslint-disable hapi/no-shadow-relaxed */
server.inject({ method: 'GET', url: '/resource', headers: { cookie: 'special=' + cookie[1] } }, (res2) => {

expect(res2.headers['set-cookie'][0]).to.equal('special=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; HttpOnly; Domain=example.com; Path=/');
expect(res2.headers['set-cookie'][0]).to.equal('special=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; HttpOnly; SameSite=Strict; Domain=example.com; Path=/');
expect(res2.statusCode).to.equal(401);
done();
});
@@ -1600,7 +1600,7 @@ describe('scheme', () => {
server.inject({ url: '/', headers: { cookie: 'sid=123456' } }, (res) => {

expect(res.statusCode).to.equal(401);
expect(res.headers['set-cookie'][0]).to.equal('sid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; HttpOnly; Path=/');
expect(res.headers['set-cookie'][0]).to.equal('sid=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; HttpOnly; SameSite=Strict; Path=/');
done();
});
});