address review comments

bharat-rajani · bharat-rajani · commit 48890fdaf10f · 2024-04-25T11:50:25.000+05:30
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1 @@
 coverage.coverprofile
-
-# IDE Metadata
-.idea
-.vscode
diff --git a/cookie_go111_test.go b/cookie_go111_test.go
@@ -17,6 +17,7 @@ func TestNewCookieFromOptionsSameSite(t *testing.T) {
 		{http.SameSiteDefaultMode},
 		{http.SameSiteLaxMode},
 		{http.SameSiteStrictMode},
+		{http.SameSiteNoneMode},
 	}
 	for i, v := range tests {
 		options := &Options{
diff --git a/sessions_test.go b/sessions_test.go
@@ -40,8 +40,8 @@ func TestFlashes(t *testing.T) {
 
 	store := NewCookieStore([]byte("secret-key"))
 
-	if store.Options.SameSite != http.SameSiteLaxMode {
-		t.Fatalf("cookie store error: default same site is not set to Lax")
+	if store.Options.SameSite != http.SameSiteNoneMode {
+		t.Fatalf("cookie store error: default same site is not set to None")
 	}
 
 	// Round 1 ----------------------------------------------------------------
@@ -72,8 +72,8 @@ func TestFlashes(t *testing.T) {
 		t.Fatal("No cookies. Header:", hdr)
 	}
 
-	if !strings.Contains(cookies[0], "SameSite=Lax") {
-		t.Fatal("Set-Cookie does not contains SameSite=Lax, cookie string:", cookies[0])
+	if !strings.Contains(cookies[0], "SameSite=None") || !strings.Contains(cookies[0], "Secure") {
+		t.Fatal("Set-Cookie does not contains SameSite=None with Secure, cookie string:", cookies[0])
 	}
 
 	if _, err = store.Get(req, "session:key"); err.Error() != "sessions: invalid character in cookie name: session:key" {
diff --git a/store.go b/store.go
@@ -56,7 +56,8 @@ func NewCookieStore(keyPairs ...[]byte) *CookieStore {
 		Options: &Options{
 			Path:     "/",
 			MaxAge:   86400 * 30,
-			SameSite: http.SameSiteLaxMode,
+			SameSite: http.SameSiteNoneMode,
+			Secure:   true,
 		},
 	}
 

-Original file line number
+Diff line change
@@ @@ -1,5 +1 @@ @@
 coverage.coverprofile
+-
 -# IDE Metadata
 -.idea
 -.vscode
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@ func TestNewCookieFromOptionsSameSite(t *testing.T) {`
`17`	`17`	`{http.SameSiteDefaultMode},`
`18`	`18`	`{http.SameSiteLaxMode},`
`19`	`19`	`{http.SameSiteStrictMode},`
	`20`	`+ {http.SameSiteNoneMode},`
`20`	`21`	`}`
`21`	`22`	`for i, v := range tests {`
`22`	`23`	`options := &Options{`
Original file line number	Diff line number	Diff line change
`@@ -40,8 +40,8 @@ func TestFlashes(t *testing.T) {`
`40`	`40`
`41`	`41`	`store := NewCookieStore([]byte("secret-key"))`
`42`	`42`
`43`		`- if store.Options.SameSite != http.SameSiteLaxMode {`
`44`		`- t.Fatalf("cookie store error: default same site is not set to Lax")`
	`43`	`+ if store.Options.SameSite != http.SameSiteNoneMode {`
	`44`	`+ t.Fatalf("cookie store error: default same site is not set to None")`
`45`	`45`	`}`
`46`	`46`
`47`	`47`	`// Round 1 ----------------------------------------------------------------`
`@@ -72,8 +72,8 @@ func TestFlashes(t *testing.T) {`
`72`	`72`	`t.Fatal("No cookies. Header:", hdr)`
`73`	`73`	`}`
`74`	`74`
`75`		`- if !strings.Contains(cookies[0], "SameSite=Lax") {`
`76`		`- t.Fatal("Set-Cookie does not contains SameSite=Lax, cookie string:", cookies[0])`
	`75`	`+ if !strings.Contains(cookies[0], "SameSite=None") \|\| !strings.Contains(cookies[0], "Secure") {`
	`76`	`+ t.Fatal("Set-Cookie does not contains SameSite=None with Secure, cookie string:", cookies[0])`
`77`	`77`	`}`
`78`	`78`
`79`	`79`	`if _, err = store.Get(req, "session:key"); err.Error() != "sessions: invalid character in cookie name: session:key" {`
Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,8 @@ func NewCookieStore(keyPairs ...[]byte) *CookieStore {`
`56`	`56`	`Options: &Options{`
`57`	`57`	`Path: "/",`
`58`	`58`	`MaxAge: 86400 * 30,`
`59`		`- SameSite: http.SameSiteLaxMode,`
	`59`	`+ SameSite: http.SameSiteNoneMode,`
	`60`	`+ Secure: true,`
`60`	`61`	`},`
`61`	`62`	`}`
`62`	`63`