authorRobert Paprocki <robert@cryptobells.com>2016-05-31 13:41:38 -0700
committerJiale Zhi <vipcalio@gmail.com>2016-06-07 11:31:30 -0700
commit8f414390cc72da90e9a450a2127acaea247e3dda (patch)
tree3b5af925ce4c600aceaef10665378a626ebd4c8a /t
parentb83165199e63eec5c7e58f489eb4ac17657e7c46 (diff)
Implement support for SameSite attribute
SameSite is an update to RFC6265, allowing servers to assert that user agents should not send certain cookies along with cross-site requests. See: https://tools.ietf.org/html/draft-west-first-party-cookies-07
Diffstat (limited to 't')
-rw-r--r--t/sanity.t47
1 files changed, 42 insertions, 5 deletions
diff --git a/t/sanity.t b/t/sanity.t
index 952b81e..cb52ae8 100644
--- a/t/sanity.t
+++ b/t/sanity.t
@@ -5,7 +5,7 @@ use Cwd qw(cwd);
repeat_each(2);
-plan tests => repeat_each() * (blocks() * 3 + 4);
+plan tests => repeat_each() * (blocks() * 3 + 6);
my $pwd = cwd();
@@ -53,8 +53,6 @@ Cookie: SID=31d4d96e407aad42; lang=en-US
SID => 31d4d96e407aad42
lang => en-US
-
-
=== TEST 2: sanity 2
--- http_config eval: $::HttpConfig
--- config
@@ -188,7 +186,7 @@ SID => foo
key = "Name", value = "Bob", path = "/",
domain = "example.com", secure = true, httponly = true,
expires = "Wed, 09 Jun 2021 10:18:14 GMT", max_age = 50,
- extension = "a4334aebaec"
+ samesite = "Strict", extension = "a4334aebaec"
})
if not ok then
ngx.log(ngx.ERR, err)
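Review bot: The `samesite = "Strict"` argument added to this `cookie:set` call, with the matching `SameSite=Strict` expectation in the next hunk, is the only positive case for the new attribute. `Lax`, which the message expected in TEST 9 lists as equally valid, is never asserted. A sibling block that passes `samesite = "Lax"` and expects `SameSite=Lax` in `--- response_headers` would cover it. Whether the value is matched case-sensitively (for example `strict`) is also left unpinned. The enclosing test block starts and ends outside this hunk.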
@@ -202,7 +200,7 @@ GET /t
--- no_error_log
[error]
--- response_headers
-Set-Cookie: Name=Bob; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Max-Age=50; Domain=example.com; Path=/; Secure; HttpOnly; a4334aebaec
+Set-Cookie: Name=Bob; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Max-Age=50; Domain=example.com; Path=/; Secure; HttpOnly; SameSite=Strict; a4334aebaec
--- response_body
Set cookie
@@ -307,3 +305,42 @@ GET /t
--- raw_response_headers_unlike: Set-Cookie: Name=Bob; Path=/\r\nSet-Cookie: Age=20\r\nSet-Cookie: Name=Bob; Path=/
--- response_body
Set cookie
+
+
+=== TEST 9: set cookie with invalid SameSite attribute
+--- http_config eval: $::HttpConfig
+--- config
+ location /t {
+ content_by_lua '
+ local ck = require "resty.cookie"
+ local cookie, err = ck:new()
+ if not cookie then
+ ngx.log(ngx.ERR, err)
+ return
+ end
+
+ local ok, err = cookie:set({
+ key = "Name", value = "Bob", path = "/",
+ domain = "example.com", secure = true, httponly = true,
+ expires = "Wed, 09 Jun 2021 10:18:14 GMT", max_age = 50,
+ samesite = "blahblah", extension = "a4334aebaec"
+ })
+ if not ok then
+ ngx.log(ngx.ERR, err)
+ return
+ end
+ ngx.say("Set cookie")
+ ';
+ }
+--- request
+GET /t
+--- no_error_log
+[error]
+--- error_log
+SameSite value must be 'Strict' or 'Lax'
+--- response_headers
+Set-Cookie: Name=Bob; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Max-Age=50; Domain=example.com; Path=/; Secure; HttpOnly; a4334aebaec
+--- response_body
+Set cookie
+
+
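Review bot: TEST 9 pins fail-open handling of a bad SameSite value. With `samesite = "blahblah"` it still expects `Set cookie` in the body and a `Set-Cookie` header with the attribute silently dropped, and `--- no_error_log [error]` means the only signal is a log line below error level. The implementation is not in this diff (it is limited to `t`), so this is inferred from the expectations. On that reading, a caller who mistypes the value gets success from `cookie:set` and a cookie that user agents will still send on cross-site requests. Consider having `cookie:set` return `nil, err` for an unrecognised value and asserting that here, or at least make the intent explicit in the title, e.g. `=== TEST 9: invalid SameSite is dropped, cookie is still set without it`.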