diff options
author | Robert Paprocki <robert@cryptobells.com> | 2016-05-31 13:41:38 -0700 |
---|---|---|
committer | Jiale Zhi <vipcalio@gmail.com> | 2016-06-07 11:31:30 -0700 |
commit | 8f414390cc72da90e9a450a2127acaea247e3dda (patch) | |
tree | 3b5af925ce4c600aceaef10665378a626ebd4c8a /t | |
parent | b83165199e63eec5c7e58f489eb4ac17657e7c46 (diff) | |
download | lua-resty-cookie-8f414390cc72da90e9a450a2127acaea247e3dda.tar.gz lua-resty-cookie-8f414390cc72da90e9a450a2127acaea247e3dda.tar.bz2 lua-resty-cookie-8f414390cc72da90e9a450a2127acaea247e3dda.zip |
Implement support for SameSite attribute
SameSite is an update to RFC6265, allowing servers to assert
that user agents should not send certain cookies along with
cross-site requests.
See: https://tools.ietf.org/html/draft-west-first-party-cookies-07
Diffstat (limited to 't')
-rw-r--r-- | t/sanity.t | 47 |
1 files changed, 42 insertions, 5 deletions
@@ -5,7 +5,7 @@ use Cwd qw(cwd); repeat_each(2); -plan tests => repeat_each() * (blocks() * 3 + 4); +plan tests => repeat_each() * (blocks() * 3 + 6); my $pwd = cwd(); @@ -53,8 +53,6 @@ Cookie: SID=31d4d96e407aad42; lang=en-US SID => 31d4d96e407aad42 lang => en-US - - === TEST 2: sanity 2 --- http_config eval: $::HttpConfig --- config @@ -188,7 +186,7 @@ SID => foo key = "Name", value = "Bob", path = "/", domain = "example.com", secure = true, httponly = true, expires = "Wed, 09 Jun 2021 10:18:14 GMT", max_age = 50, - extension = "a4334aebaec" + samesite = "Strict", extension = "a4334aebaec" }) if not ok then ngx.log(ngx.ERR, err) @@ -202,7 +200,7 @@ GET /t --- no_error_log [error] --- response_headers -Set-Cookie: Name=Bob; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Max-Age=50; Domain=example.com; Path=/; Secure; HttpOnly; a4334aebaec +Set-Cookie: Name=Bob; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Max-Age=50; Domain=example.com; Path=/; Secure; HttpOnly; SameSite=Strict; a4334aebaec --- response_body Set cookie @@ -307,3 +305,42 @@ GET /t --- raw_response_headers_unlike: Set-Cookie: Name=Bob; Path=/\r\nSet-Cookie: Age=20\r\nSet-Cookie: Name=Bob; Path=/ --- response_body Set cookie + + +=== TEST 9: set cookie with invalid SameSite attribute +--- http_config eval: $::HttpConfig +--- config + location /t { + content_by_lua ' + local ck = require "resty.cookie" + local cookie, err = ck:new() + if not cookie then + ngx.log(ngx.ERR, err) + return + end + + local ok, err = cookie:set({ + key = "Name", value = "Bob", path = "/", + domain = "example.com", secure = true, httponly = true, + expires = "Wed, 09 Jun 2021 10:18:14 GMT", max_age = 50, + samesite = "blahblah", extension = "a4334aebaec" + }) + if not ok then + ngx.log(ngx.ERR, err) + return + end + ngx.say("Set cookie") + '; + } +--- request +GET /t +--- no_error_log +[error] +--- error_log +SameSite value must be 'Strict' or 'Lax' +--- response_headers +Set-Cookie: Name=Bob; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Max-Age=50; Domain=example.com; Path=/; Secure; HttpOnly; a4334aebaec +--- response_body +Set cookie + + |