

fix: use SameSite=Strict by default
In order to remove the following warning in Chrome:

A cookie associated with a cross-site resource at ... was set without
the `SameSite` attribute. A future release of Chrome will only deliver
cookies with cross-site requests if they are set with `SameSite=None`
and `Secure`.

Please note that the cookie will be disabled by default in Engine.IO
v4, see a374471
darrachequesne committed Apr 15, 2020
1 parent da851ec commit 001ca62
Showing 2 changed files with 10 additions and 9 deletions.
3 changes: 2 additions & 1 deletion lib/server.js
Expand Up @@ -323,7 +323,8 @@ Server.prototype.handshake = function (transportName, req) {
headers['Set-Cookie'] = cookieMod.serialize(self.cookie, id,
{
path: self.cookiePath,
httpOnly: self.cookiePath ? self.cookieHttpOnly : false
httpOnly: self.cookiePath ? self.cookieHttpOnly : false,
sameSite: true
});
});
}
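Review bot: `sameSite: true` is hard-coded on the new line, so a deployment that serves the page from one site and Engine.IO from another — the cross-site case the quoted Chrome warning is about — now has the `io` cookie dropped on every request, and there is no way to choose `SameSite=None` with `Secure` instead, although `cookiePath` and `cookieHttpOnly` on the lines just above are already per-instance options. I would mirror them with `sameSite: self.cookieSameSite,` and a `cookieSameSite` option that defaults to `true` (which the test changes in this commit show serializes as `Strict`), set in the constructor, which is outside this hunk; a `secure: self.cookieSecure` flag would need to accompany it, since browsers refuse `SameSite=None` unless `Secure` is also present. A comment above the new attribute, `// Strict: never sent on cross-site requests; cross-site clients need SameSite=None plus Secure`, would record the trade-off for whoever hits the silent cookie loss. The enclosing `Server.prototype.handshake` starts and ends outside this hunk.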
16 changes: 8 additions & 8 deletions test/server.js
Expand Up @@ -117,7 +117,7 @@ describe('server', function () {
expect(err).to.be(null);
// hack-obtain sid
var sid = res.text.match(/"sid":"([^"]+)"/)[1];
expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; Path=/; HttpOnly');
expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; Path=/; HttpOnly; SameSite=Strict');
done();
});
});
Expand All @@ -130,7 +130,7 @@ describe('server', function () {
.end(function (err, res) {
expect(err).to.be(null);
var sid = res.text.match(/"sid":"([^"]+)"/)[1];
expect(res.headers['set-cookie'][0]).to.be('woot=' + sid + '; Path=/; HttpOnly');
expect(res.headers['set-cookie'][0]).to.be('woot=' + sid + '; Path=/; HttpOnly; SameSite=Strict');
done();
});
});
Expand All @@ -143,7 +143,7 @@ describe('server', function () {
.end(function (err, res) {
expect(err).to.be(null);
var sid = res.text.match(/"sid":"([^"]+)"/)[1];
expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; Path=/custom; HttpOnly');
expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; Path=/custom; HttpOnly; SameSite=Strict');
done();
});
});
Expand All @@ -156,7 +156,7 @@ describe('server', function () {
.end(function (err, res) {
expect(err).to.be(null);
var sid = res.text.match(/"sid":"([^"]+)"/)[1];
expect(res.headers['set-cookie'][0]).to.be('io=' + sid);
expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; SameSite=Strict');
done();
});
});
Expand All @@ -169,7 +169,7 @@ describe('server', function () {
.end(function (err, res) {
expect(err).to.be(null);
var sid = res.text.match(/"sid":"([^"]+)"/)[1];
expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; Path=/; HttpOnly');
expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; Path=/; HttpOnly; SameSite=Strict');
done();
});
});
Expand All @@ -182,7 +182,7 @@ describe('server', function () {
.end(function (err, res) {
expect(err).to.be(null);
var sid = res.text.match(/"sid":"([^"]+)"/)[1];
expect(res.headers['set-cookie'][0]).to.be('io=' + sid);
expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; SameSite=Strict');
done();
});
});
Expand All @@ -195,7 +195,7 @@ describe('server', function () {
.end(function (err, res) {
expect(err).to.be(null);
var sid = res.text.match(/"sid":"([^"]+)"/)[1];
expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; Path=/');
expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; Path=/; SameSite=Strict');
done();
});
});
Expand All @@ -208,7 +208,7 @@ describe('server', function () {
.end(function (err, res) {
expect(err).to.be(null);
var sid = res.text.match(/"sid":"([^"]+)"/)[1];
expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; Path=/; HttpOnly');
expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; Path=/; HttpOnly; SameSite=Strict');
done();
});
});
