Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for SameSite Cookie attribute #640

Closed
chris-dudley opened this issue Aug 10, 2020 · 2 comments · Fixed by #641
Closed

Add support for SameSite Cookie attribute #640

chris-dudley opened this issue Aug 10, 2020 · 2 comments · Fixed by #641

Comments

@chris-dudley
Copy link
Contributor

chris-dudley commented Aug 10, 2020

The ability to set the SameSite cookie attribute would be useful, especially with currently ongoing changes to browsers' handling of cookies without a SameSite policy set.

Modern browsers are currently rolling out changes setting the default for cookies to SameSite=Lax, which prevents cookies from being included in Cross-Origin requests. Without support for setting the SameSite attribute to None, it will be impossible to use cookies in CORS requests, which is especially problematic for Cross-Origin APIs that rely on storing data in the Plumber session cookie.

The proposed changes include adding a new optional parameter called sameSite to the sessionCookie() function and the Response class's setCookie() and removeCookie() methods. If this parameter is set to a character value, the attribute SameSite=<value> will be added to the generated cookie.

@schloerke
Copy link
Collaborator

schloerke commented Aug 10, 2020

PRs are welcome 😄

(Would also need to update pr_cookie())

@chris-dudley
Copy link
Contributor Author

chris-dudley commented Aug 10, 2020

I'm currently finalizing the PR, just needed an issue number to add to the NEWS file :)

Also, good catch on pr_cookie(), I missed that entirely.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants