This repository was archived by the owner on Apr 12, 2024. It is now read-only.

feat(ngCookies): support sameSite option #16544

Merged
merged 1 commit into from
May 17, 2018
1 change: 1 addition & 0 deletions src/ngCookies/cookieWriter.js
Expand Up @@ -33,6 +33,7 @@ function $$CookieWriter($document, $log, $browser) {
str += options.domain ? ';domain=' + options.domain : '';
str += expires ? ';expires=' + expires.toUTCString() : '';
str += options.secure ? ';secure' : '';
str += options.samesite ? ';samesite=' + options.samesite : '';

// per http://www.ietf.org/rfc/rfc2109.txt browser must allow at minimum:
// - 300 cookies
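Review bot: the added `samesite` line concatenates `options.samesite` into the cookie string without checking it, so any truthy value, including one containing `;` or a value other than the documented `lax` and `strict`, ends up in the string assigned to the cookie. Consider lower-casing the option and comparing it against an allow-list of the two documented values, omitting the attribute and reporting through the already injected `$log` when it does not match. The `domain` line above follows the same unchecked pattern, but `samesite` has a closed set of valid values, which makes the check cheap here.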
4 changes: 4 additions & 0 deletions src/ngCookies/cookies.js
Expand Up @@ -38,6 +38,10 @@ angular.module('ngCookies', ['ng']).
* or a Date object indicating the exact date/time this cookie will expire.
* - **secure** - `{boolean}` - If `true`, then the cookie will only be available through a
* secured connection.
* - **samesite** - `{string}` - prevents the browser from sending the cookie along with cross-site requests.
* Accepts the values `lax` and `strict`. See the [OWASP Wiki](https://www.owasp.org/index.php/SameSite)
* for more info. Note that as of May 2018, not all browsers support `SameSite`,
* so it cannot be used as a single measure against Cross-Site-Request-Forgery (CSRF) attacks.
*
* Note: By default, the address that appears in your `<base>` tag will be used as the path.
* This is important so that cookies will be visible for all routes when html5mode is enabled.
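Review bot: the new `samesite` entry says it accepts `lax` and `strict` but does not say what happens with any other value or when the option is left out; going by the writer change, any truthy string is emitted as-is and a falsy value writes no attribute at all. State both cases in the doc so callers know that omitting the option gives them no SameSite protection and that the value is not validated. Style: the first line of the entry runs well past the wrap width of the neighbouring `secure` entry, and the "as of May 2018" remark will go stale in API docs, so a link to a browser support table would age better.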
10 changes: 10 additions & 0 deletions test/ngCookies/cookieWriterSpec.js
Expand Up @@ -181,6 +181,16 @@ describe('cookie options', function() {
expect(getLastCookieAssignment('secure')).toBe(true);
});

it('should accept samesite option when value is lax', function() {
$$cookieWriter('name', 'value', {samesite: 'lax'});
expect(getLastCookieAssignment('samesite')).toBe('lax');
});

it('should accept samesite option when value is strict', function() {
$$cookieWriter('name', 'value', {samesite: 'strict'});
expect(getLastCookieAssignment('samesite')).toBe('strict');
});

it('should accept expires option on set', function() {
$$cookieWriter('name', 'value', {expires: 'Fri, 19 Dec 2014 00:00:00 GMT'});
expect(getLastCookieAssignment('expires')).toMatch(/^Fri, 19 Dec 2014 00:00:00 (UTC|GMT)$/);
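Review bot: the two new specs cover only the accepted values `lax` and `strict`; nothing pins down the behaviour when `samesite` is omitted or set to something else. Add a spec asserting that no `samesite` attribute is written when the option is absent, and one for an unexpected value (for example a string containing `;`) so that whatever the writer does with it is a deliberate, tested decision rather than a side effect of string concatenation.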