Skip to content

Add SameSite enum support to ResponseCookie #33425

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Add SameSite enum support to ResponseCookie #33425

wants to merge 1 commit into from

Conversation

zinzoddari
Copy link
Contributor

I have added the SameSite enum to ResponseCookie while ensuring that the existing string-based handling is still supported.

The reason for adding the enum is to enhance type safety. Additionally, if a value that is not provided is entered, it will default to Lax as per the specification (https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#name-the-samesite-attribute).

I would appreciate it if you could review the PR!

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Aug 25, 2024
@sbrannen sbrannen added the in: web Issues in web modules (web, webmvc, webflux, websocket) label Aug 25, 2024
@sbrannen sbrannen changed the title Add SameSite enum support to ResponseCookie Add SameSite enum support to ResponseCookie Aug 25, 2024
@bclozel bclozel changed the title Add SameSite enum support to ResponseCookie Add SameSite enum support to ResponseCookie Sep 12, 2024
@bclozel
Copy link
Member

bclozel commented Sep 13, 2024

Thanks for the proposal, but we're going to decline this PR.
Promoting this to an enum doesn't bring much, as SameSite can accept any value (and the actual resulting behavior depends on the browser configuration). Exposing this in our public API would require deprecating the String variant and would create some edge cases like builder.sameSite(null).

We might revisit this in the future if the SameSite spec evolves and requires more elaborate parsing or features on the server side.

Thanks for your contribution!

@bclozel bclozel closed this Sep 13, 2024
@bclozel bclozel added status: declined A suggestion or change that we don't feel we should currently apply and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Sep 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) status: declined A suggestion or change that we don't feel we should currently apply
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@zinzoddari @bclozel @sbrannen @spring-projects-issues