Skip to content

Commit

Permalink
Set "Secure" on Same SIte cookies (#1119)
Browse files Browse the repository at this point in the history
  • Loading branch information
hhhjort authored and mansinahar committed Nov 20, 2019
1 parent 75117e2 commit e58ad1f
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 1 deletion.
7 changes: 6 additions & 1 deletion usersync/cookie.go
Original file line number Diff line number Diff line change
Expand Up @@ -193,19 +193,24 @@ func (cookie *PBSCookie) SetCookieOnResponse(w http.ResponseWriter, setSiteCooki
currSize = len([]byte(httpCookie.String()))
}

uidsCookieStr := httpCookie.String()
var uidsCookieStr string
var sameSiteCookie *http.Cookie
if setSiteCookie {
httpCookie.Secure = true
uidsCookieStr = httpCookie.String()
uidsCookieStr += SameSiteAttribute
sameSiteCookie = &http.Cookie{
Name: SameSiteCookieName,
Value: SameSiteCookieValue,
Expires: time.Now().Add(ttl),
Path: "/",
Secure: true,
}
sameSiteCookieStr := sameSiteCookie.String()
sameSiteCookieStr += SameSiteAttribute
w.Header().Add("Set-Cookie", sameSiteCookieStr)
} else {
uidsCookieStr = httpCookie.String()
}
w.Header().Add("Set-Cookie", uidsCookieStr)
}
Expand Down
3 changes: 3 additions & 0 deletions usersync/cookie_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -425,6 +425,9 @@ func TestSetCookieOnResponseForSameSiteNone(t *testing.T) {
if !strings.Contains(writtenCookie, "SSCookie=1") {
t.Error("Set-Cookie should contain SSCookie=1")
}
if !strings.Contains(writtenCookie, "; Secure;") {
t.Error("Set-Cookie should contain Secure")
}
}

func TestSetCookieOnResponseForOlderChromeVersion(t *testing.T) {
Expand Down

0 comments on commit e58ad1f

Please sign in to comment.