From b3a2f4dbafca79466195a51b207b486c603c7799 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCrg=C3=BCn=20Day=C4=B1o=C4=9Flu?= Date: Fri, 26 Jan 2024 15:37:35 +0100 Subject: [PATCH] set sameSite: lax by default (#277) --- plugin.js | 4 ++-- test/cookie.test.js | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/plugin.js b/plugin.js index a3a6130..079a719 100644 --- a/plugin.js +++ b/plugin.js @@ -11,7 +11,7 @@ const kReplySetCookiesHookRan = Symbol('fastify.reply.setCookiesHookRan') function fastifyCookieSetCookie (reply, name, value, options) { parseCookies(reply.server, reply.request, reply) - const opts = Object.assign({}, options) + const opts = Object.assign({ sameSite: 'lax' }, options) if (opts.expires && Number.isInteger(opts.expires)) { opts.expires = new Date(opts.expires) @@ -25,7 +25,6 @@ function fastifyCookieSetCookie (reply, name, value, options) { if (isConnectionSecure(reply.request)) { opts.secure = true } else { - opts.sameSite = 'lax' opts.secure = false } } @@ -45,6 +44,7 @@ function fastifyCookieClearCookie (reply, name, options) { signed: undefined, maxAge: undefined }) + return fastifyCookieSetCookie(reply, name, '', opts) } diff --git a/test/cookie.test.js b/test/cookie.test.js index b045747..ad0ca72 100644 --- a/test/cookie.test.js +++ b/test/cookie.test.js @@ -127,8 +127,8 @@ test('should set multiple cookies', (t) => { t.equal(cookies[2].name, 'wee') t.equal(cookies[2].value, 'woo') - t.equal(res.headers['set-cookie'][1], 'bar=test; Partitioned') - t.equal(res.headers['set-cookie'][2], 'wee=woo; Secure; Partitioned') + t.equal(res.headers['set-cookie'][1], 'bar=test; Partitioned; SameSite=Lax') + t.equal(res.headers['set-cookie'][2], 'wee=woo; Secure; Partitioned; SameSite=Lax') }) }) 
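Review bot: In `fastifyCookieSetCookie`, `Object.assign({ sameSite: 'lax' }, options)` lets a `sameSite` key that is present but `undefined` in `options` overwrite the new default, because `Object.assign` copies own properties whose value is `undefined`. A caller that builds its options from a config object would then presumably emit no SameSite attribute, depending on how the serializer treats a missing value. Applying the default after the merge avoids this: keep `Object.assign({}, options)` and add `if (opts.sameSite === undefined) opts.sameSite = 'lax'`, with a comment naming the value callers must pass to opt out deliberately. The function body continues outside the hunk, and the updated assertions in test/cookie.test.js only pin the default case, so a test for an explicit override would be worth adding.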
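Review bot: Dropping `opts.sameSite = 'lax'` from the `else` branch in the second plugin.js hunk means a caller-supplied `sameSite: 'none'` now survives on a connection that `isConnectionSecure` reports as insecure, so the cookie is sent as `SameSite=None` with `opts.secure = false`. Current browsers reject a `SameSite=None` cookie that lacks `Secure`, so it would be dropped instead of downgraded as before. The enclosing condition starts outside the hunk (it looks like the `secure: 'auto'` path), so please confirm, but a narrow guard in that branch keeps the old safety net without overriding `strict`: `if (typeof opts.sameSite === 'string' && opts.sameSite.toLowerCase() === 'none') opts.sameSite = 'lax'`. A test for that combination on a plain-HTTP request would pin the behaviour.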
@@ -957,7 +957,7 @@ test('result in an error if hook-option is set to an invalid value', (t) => {
 const fastify = Fastify()
 t.rejects(
- () => fastify.register(plugin, { hook: true }),
+ async () => fastify.register(plugin, { hook: true }),
 new Error("@fastify/cookie: Invalid value provided for the hook-option. You can set the hook-option only to false, 'onRequest' , 'preParsing' , 'preValidation' or 'preHandler'")
 )
 })
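Review bot: The switch to `async () => fastify.register(plugin, { hook: true })` is unrelated to the SameSite default and the commit message does not explain it. Presumably the wrapper turns a synchronous throw from `register` into a rejection so that `t.rejects` receives a promise either way. A short comment above the call would record that, for example `// async wrapper: option validation may throw synchronously`. The change would also be easier to revert on its own as a separate commit.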