Set "Secure" on Same SIte cookies (prebid#1119)

flux-dev-team · Nov 20, 2019 · e9a1de9 · e9a1de9
1 parent 611d964
commit e9a1de9
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/usersync/cookie.go b/usersync/cookie.go
@@ -193,19 +193,24 @@ func (cookie *PBSCookie) SetCookieOnResponse(w http.ResponseWriter, setSiteCooki
 		currSize = len([]byte(httpCookie.String()))
 	}
 
-	uidsCookieStr := httpCookie.String()
+	var uidsCookieStr string
 	var sameSiteCookie *http.Cookie
 	if setSiteCookie {
+		httpCookie.Secure = true
+		uidsCookieStr = httpCookie.String()
 		uidsCookieStr += SameSiteAttribute
 		sameSiteCookie = &http.Cookie{
 			Name:    SameSiteCookieName,
 			Value:   SameSiteCookieValue,
 			Expires: time.Now().Add(ttl),
 			Path:    "/",
+			Secure:  true,
 		}
 		sameSiteCookieStr := sameSiteCookie.String()
 		sameSiteCookieStr += SameSiteAttribute
 		w.Header().Add("Set-Cookie", sameSiteCookieStr)
+	} else {
+		uidsCookieStr = httpCookie.String()
 	}
 	w.Header().Add("Set-Cookie", uidsCookieStr)
 }

diff --git a/usersync/cookie_test.go b/usersync/cookie_test.go
@@ -425,6 +425,9 @@ func TestSetCookieOnResponseForSameSiteNone(t *testing.T) {
 	if !strings.Contains(writtenCookie, "SSCookie=1") {
 		t.Error("Set-Cookie should contain SSCookie=1")
 	}
+	if !strings.Contains(writtenCookie, "; Secure;") {
+		t.Error("Set-Cookie should contain Secure")
+	}
 }
 
 func TestSetCookieOnResponseForOlderChromeVersion(t *testing.T) {