cookie: add possibility to disable same site attribute (#1428)
* fix: some old browsers can't set the cookie if it contains the SameSite property. * add "SameSite" attribute constants and a test case. Co-authored-by: wangjiangao <wangjiangao@360.cn>pull/1442/head
parent
005471d7ca
commit
dd45be693a
7
ctx.go
7
ctx.go
|
@ -33,7 +33,6 @@ const maxParams = 30
|
|||
|
||||
const queryTag = "query"
|
||||
|
||||
|
||||
// Ctx represents the Context which hold the HTTP request and response.
|
||||
// It has methods for the request query string, parameters, body, HTTP headers and so on.
|
||||
type Ctx struct {
|
||||
|
@ -364,10 +363,12 @@ func (c *Ctx) Cookie(cookie *Cookie) {
|
|||
fcookie.SetHTTPOnly(cookie.HTTPOnly)
|
||||
|
||||
switch utils.ToLower(cookie.SameSite) {
|
||||
case "strict":
|
||||
case CookieSameSiteStrictMode:
|
||||
fcookie.SetSameSite(fasthttp.CookieSameSiteStrictMode)
|
||||
case "none":
|
||||
case CookieSameSiteNoneMode:
|
||||
fcookie.SetSameSite(fasthttp.CookieSameSiteNoneMode)
|
||||
case CookieSameSiteDisabled:
|
||||
fcookie.SetSameSite(fasthttp.CookieSameSiteDisabled)
|
||||
default:
|
||||
fcookie.SetSameSite(fasthttp.CookieSameSiteLaxMode)
|
||||
}
|
||||
|
|
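Review bot: The new `case CookieSameSiteDisabled:` arm omits the SameSite attribute entirely, and nothing in the switch documents what that means for a caller: it only helps clients that reject the attribute, while current browsers treat a cookie with no SameSite value as Lax by default, so "disabled" is not a way to allow cross-site sending. For cross-site use the `CookieSameSiteNoneMode` arm is the right one, and browsers only honour SameSite=None when Secure is also set, which this switch neither checks nor mentions; a comment above `switch utils.ToLower(cookie.SameSite) {` would make both points: `// "disabled" omits the attribute for clients that reject it; browsers then apply their own default (Lax). SameSite=None is only honoured together with Secure.` The `default:` arm also silently maps any unrecognised or misspelled value to Lax rather than surfacing it, and the tests do not pin that behaviour. Cookie() starts and ends outside the hunk.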
23
ctx_test.go
23
ctx_test.go
|
@ -524,16 +524,31 @@ func Test_Ctx_Cookie(t *testing.T) {
|
|||
var dst []byte
|
||||
dst = expire.In(time.UTC).AppendFormat(dst, time.RFC1123)
|
||||
httpdate := strings.Replace(string(dst), "UTC", "GMT", -1)
|
||||
c.Cookie(&Cookie{
|
||||
cookie := &Cookie{
|
||||
Name: "username",
|
||||
Value: "john",
|
||||
Expires: expire,
|
||||
})
|
||||
//SameSite: CookieSameSiteStrictMode, // default is "lax"
|
||||
}
|
||||
c.Cookie(cookie)
|
||||
expect := "username=john; expires=" + httpdate + "; path=/; SameSite=Lax"
|
||||
utils.AssertEqual(t, expect, string(c.Response().Header.Peek(HeaderSetCookie)))
|
||||
|
||||
c.Cookie(&Cookie{SameSite: "strict"})
|
||||
c.Cookie(&Cookie{SameSite: "none"})
|
||||
expect = "username=john; expires=" + httpdate + "; path=/"
|
||||
cookie.SameSite = CookieSameSiteDisabled
|
||||
c.Cookie(cookie)
|
||||
utils.AssertEqual(t, expect, string(c.Response().Header.Peek(HeaderSetCookie)))
|
||||
|
||||
expect = "username=john; expires=" + httpdate + "; path=/; SameSite=Strict"
|
||||
cookie.SameSite = CookieSameSiteStrictMode
|
||||
c.Cookie(cookie)
|
||||
utils.AssertEqual(t, expect, string(c.Response().Header.Peek(HeaderSetCookie)))
|
||||
|
||||
expect = "username=john; expires=" + httpdate + "; path=/; secure; SameSite=None"
|
||||
cookie.Secure = true
|
||||
cookie.SameSite = CookieSameSiteNoneMode
|
||||
c.Cookie(cookie)
|
||||
utils.AssertEqual(t, expect, string(c.Response().Header.Peek(HeaderSetCookie)))
|
||||
}
|
||||
|
||||
// go test -v -run=^$ -bench=Benchmark_Ctx_Cookie -benchmem -count=4
|
||||
|
|
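Review bot: The rewritten Test_Ctx_Cookie leaves a commented-out field `//SameSite: CookieSameSiteStrictMode, // default is "lax"` inside the cookie literal; it states the default only by implication and should be dropped, since the `; SameSite=Lax` expectation two lines below already pins it. The test also never exercises the fall-through arm of the switch in ctx.go: one more step with an unknown value, e.g. `cookie.SameSite = "invalid"` (constructed sample) expecting `; SameSite=Lax`, would pin that unrecognised input degrades to Lax rather than to no attribute at all. The None-mode step correctly sets `cookie.Secure = true` first, which is the only configuration browsers accept for SameSite=None, so a short comment on that line saying so would help future edits keep the two together. Test_Ctx_Cookie begins outside the hunk.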
99
helpers.go
99
helpers.go
|
@ -631,51 +631,51 @@ const (
|
|||
HeaderCrossOriginResourcePolicy = "Cross-Origin-Resource-Policy"
|
||||
HeaderExpectCT = "Expect-CT"
|
||||
// Deprecated: use HeaderPermissionsPolicy instead
|
||||
HeaderFeaturePolicy = "Feature-Policy"
|
||||
HeaderPermissionsPolicy = "Permissions-Policy"
|
||||
HeaderPublicKeyPins = "Public-Key-Pins"
|
||||
HeaderPublicKeyPinsReportOnly = "Public-Key-Pins-Report-Only"
|
||||
HeaderStrictTransportSecurity = "Strict-Transport-Security"
|
||||
HeaderUpgradeInsecureRequests = "Upgrade-Insecure-Requests"
|
||||
HeaderXContentTypeOptions = "X-Content-Type-Options"
|
||||
HeaderXDownloadOptions = "X-Download-Options"
|
||||
HeaderXFrameOptions = "X-Frame-Options"
|
||||
HeaderXPoweredBy = "X-Powered-By"
|
||||
HeaderXXSSProtection = "X-XSS-Protection"
|
||||
HeaderLastEventID = "Last-Event-ID"
|
||||
HeaderNEL = "NEL"
|
||||
HeaderPingFrom = "Ping-From"
|
||||
HeaderPingTo = "Ping-To"
|
||||
HeaderReportTo = "Report-To"
|
||||
HeaderTE = "TE"
|
||||
HeaderTrailer = "Trailer"
|
||||
HeaderTransferEncoding = "Transfer-Encoding"
|
||||
HeaderSecWebSocketAccept = "Sec-WebSocket-Accept"
|
||||
HeaderSecWebSocketExtensions = "Sec-WebSocket-Extensions"
|
||||
HeaderSecWebSocketKey = "Sec-WebSocket-Key"
|
||||
HeaderSecWebSocketProtocol = "Sec-WebSocket-Protocol"
|
||||
HeaderSecWebSocketVersion = "Sec-WebSocket-Version"
|
||||
HeaderAcceptPatch = "Accept-Patch"
|
||||
HeaderAcceptPushPolicy = "Accept-Push-Policy"
|
||||
HeaderAcceptSignature = "Accept-Signature"
|
||||
HeaderAltSvc = "Alt-Svc"
|
||||
HeaderDate = "Date"
|
||||
HeaderIndex = "Index"
|
||||
HeaderLargeAllocation = "Large-Allocation"
|
||||
HeaderLink = "Link"
|
||||
HeaderPushPolicy = "Push-Policy"
|
||||
HeaderRetryAfter = "Retry-After"
|
||||
HeaderServerTiming = "Server-Timing"
|
||||
HeaderSignature = "Signature"
|
||||
HeaderSignedHeaders = "Signed-Headers"
|
||||
HeaderSourceMap = "SourceMap"
|
||||
HeaderUpgrade = "Upgrade"
|
||||
HeaderXDNSPrefetchControl = "X-DNS-Prefetch-Control"
|
||||
HeaderXPingback = "X-Pingback"
|
||||
HeaderXRequestID = "X-Request-ID"
|
||||
HeaderXRequestedWith = "X-Requested-With"
|
||||
HeaderXRobotsTag = "X-Robots-Tag"
|
||||
HeaderXUACompatible = "X-UA-Compatible"
|
||||
HeaderFeaturePolicy = "Feature-Policy"
|
||||
HeaderPermissionsPolicy = "Permissions-Policy"
|
||||
HeaderPublicKeyPins = "Public-Key-Pins"
|
||||
HeaderPublicKeyPinsReportOnly = "Public-Key-Pins-Report-Only"
|
||||
HeaderStrictTransportSecurity = "Strict-Transport-Security"
|
||||
HeaderUpgradeInsecureRequests = "Upgrade-Insecure-Requests"
|
||||
HeaderXContentTypeOptions = "X-Content-Type-Options"
|
||||
HeaderXDownloadOptions = "X-Download-Options"
|
||||
HeaderXFrameOptions = "X-Frame-Options"
|
||||
HeaderXPoweredBy = "X-Powered-By"
|
||||
HeaderXXSSProtection = "X-XSS-Protection"
|
||||
HeaderLastEventID = "Last-Event-ID"
|
||||
HeaderNEL = "NEL"
|
||||
HeaderPingFrom = "Ping-From"
|
||||
HeaderPingTo = "Ping-To"
|
||||
HeaderReportTo = "Report-To"
|
||||
HeaderTE = "TE"
|
||||
HeaderTrailer = "Trailer"
|
||||
HeaderTransferEncoding = "Transfer-Encoding"
|
||||
HeaderSecWebSocketAccept = "Sec-WebSocket-Accept"
|
||||
HeaderSecWebSocketExtensions = "Sec-WebSocket-Extensions"
|
||||
HeaderSecWebSocketKey = "Sec-WebSocket-Key"
|
||||
HeaderSecWebSocketProtocol = "Sec-WebSocket-Protocol"
|
||||
HeaderSecWebSocketVersion = "Sec-WebSocket-Version"
|
||||
HeaderAcceptPatch = "Accept-Patch"
|
||||
HeaderAcceptPushPolicy = "Accept-Push-Policy"
|
||||
HeaderAcceptSignature = "Accept-Signature"
|
||||
HeaderAltSvc = "Alt-Svc"
|
||||
HeaderDate = "Date"
|
||||
HeaderIndex = "Index"
|
||||
HeaderLargeAllocation = "Large-Allocation"
|
||||
HeaderLink = "Link"
|
||||
HeaderPushPolicy = "Push-Policy"
|
||||
HeaderRetryAfter = "Retry-After"
|
||||
HeaderServerTiming = "Server-Timing"
|
||||
HeaderSignature = "Signature"
|
||||
HeaderSignedHeaders = "Signed-Headers"
|
||||
HeaderSourceMap = "SourceMap"
|
||||
HeaderUpgrade = "Upgrade"
|
||||
HeaderXDNSPrefetchControl = "X-DNS-Prefetch-Control"
|
||||
HeaderXPingback = "X-Pingback"
|
||||
HeaderXRequestID = "X-Request-ID"
|
||||
HeaderXRequestedWith = "X-Requested-With"
|
||||
HeaderXRobotsTag = "X-Robots-Tag"
|
||||
HeaderXUACompatible = "X-UA-Compatible"
|
||||
)
|
||||
|
||||
// Network types that are commonly used
|
||||
|
@ -692,3 +692,12 @@ const (
|
|||
StrDeflate = "deflate"
|
||||
StrBrotli = "brotli"
|
||||
)
|
||||
|
||||
// Cookie SameSite
|
||||
// https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7
|
||||
const (
|
||||
CookieSameSiteDisabled = "disabled" // not in RFC, just control "SameSite" attribute will not be set.
|
||||
CookieSameSiteLaxMode = "lax"
|
||||
CookieSameSiteStrictMode = "strict"
|
||||
CookieSameSiteNoneMode = "none"
|
||||
)
|
||||
|
|
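Review bot: The comment on `CookieSameSiteDisabled` in the second hunk (`// not in RFC, just control "SameSite" attribute will not be set.`) is hard to parse and omits the consequence a caller needs: with the attribute absent, browsers fall back to their own default handling (Lax in current mainstream browsers), so "disabled" does not permit cross-site sending. Suggested wording: `// CookieSameSiteDisabled is not an RFC value; it omits the SameSite attribute for clients that reject it. Browsers then apply their default handling (typically Lax); use CookieSameSiteNoneMode together with Secure for cross-site cookies.` The values are lowercase, which matches the `utils.ToLower` comparison in ctx.go, so that invariant is worth a one-line comment on the block as well. The first hunk only re-aligns the header constants and adds the deprecation note, which should end with a period (`// Deprecated: use HeaderPermissionsPolicy instead.`) to follow the Go doc convention.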