generic-library/poco
1
0
Fork 0
mirror of https://github.com/pocoproject/poco.git synced 2025-03-03 21:06:25 +01:00
Code Issues Projects Releases Wiki Activity

added support for SameSite cookie attribute

Browse Source
This commit is contained in:
Günter Obiltschnig 2020-01-04 10:15:41 +01:00
parent b9cc21867b
commit 4ec5d35060
3 changed files with 128 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
Net/include/Poco/Net/HTTPCookie.h
View File

@ -45,6 +45,14 @@ class Net_API HTTPCookie
/// using Version 0 to ensure the best interoperability. /// using Version 0 to ensure the best interoperability.
{ {
public: public:
enum SameSite
{
SAME_SITE_NOT_SPECIFIED,
SAME_SITE_NONE,
SAME_SITE_LAX,
SAME_SITE_STRICT
};
HTTPCookie(); HTTPCookie();
/// Creates an empty HTTPCookie. /// Creates an empty HTTPCookie.
@ -157,6 +165,12 @@ public:
bool getHttpOnly() const; bool getHttpOnly() const;
/// Returns true iff the cookie's HttpOnly flag is set. /// Returns true iff the cookie's HttpOnly flag is set.
void setSameSite(SameSite value);
/// Sets the cookie's SameSite attribute.
SameSite getSameSite() const;
/// Returns the cookie's SameSite attribute.
std::string toString() const; std::string toString() const;
/// Returns a string representation of the cookie, /// Returns a string representation of the cookie,
/// suitable for use in a Set-Cookie header. /// suitable for use in a Set-Cookie header.
@ -200,6 +214,7 @@ private:
bool _secure; bool _secure;
int _maxAge; int _maxAge;
bool _httpOnly; bool _httpOnly;
SameSite _sameSite;
}; };
@ -266,6 +281,12 @@ inline bool HTTPCookie::getHttpOnly() const
} }
inline HTTPCookie::SameSite HTTPCookie::getSameSite() const
{
return _sameSite;
}
} } // namespace Poco::Net } } // namespace Poco::Net

59
Net/src/HTTPCookie.cpp
View File

@ -43,7 +43,8 @@ HTTPCookie::HTTPCookie():
_version(0), _version(0),
_secure(false), _secure(false),
_maxAge(-1), _maxAge(-1),
_httpOnly(false) _httpOnly(false),
_sameSite(SAME_SITE_NOT_SPECIFIED)
{ {
} }
@ -53,7 +54,8 @@ HTTPCookie::HTTPCookie(const std::string& name):
_name(name), _name(name),
_secure(false), _secure(false),
_maxAge(-1), _maxAge(-1),
_httpOnly(false) _httpOnly(false),
_sameSite(SAME_SITE_NOT_SPECIFIED)
{ {
} }
@ -62,7 +64,8 @@ HTTPCookie::HTTPCookie(const NameValueCollection& nvc):
_version(0), _version(0),
_secure(false), _secure(false),
_maxAge(-1), _maxAge(-1),
_httpOnly(false) _httpOnly(false),
_sameSite(SAME_SITE_NOT_SPECIFIED)
{ {
for (NameValueCollection::ConstIterator it = nvc.begin(); it != nvc.end(); ++it) for (NameValueCollection::ConstIterator it = nvc.begin(); it != nvc.end(); ++it)
{ {
@ -99,6 +102,15 @@ HTTPCookie::HTTPCookie(const NameValueCollection& nvc):
Timestamp now; Timestamp now;
setMaxAge((int) ((exp.timestamp() - now) / Timestamp::resolution())); setMaxAge((int) ((exp.timestamp() - now) / Timestamp::resolution()));
} }
else if (icompare(name, "SameSite") == 0)
{
if (icompare(value, "None") == 0)
_sameSite = SAME_SITE_NONE;
else if (icompare(value, "Lax") == 0)
_sameSite = SAME_SITE_LAX;
else if (icompare(value, "Strict") == 0)
_sameSite = SAME_SITE_STRICT;
}
else if (icompare(name, "version") == 0) else if (icompare(name, "version") == 0)
{ {
setVersion(NumberParser::parse(value)); setVersion(NumberParser::parse(value));
@ -122,7 +134,8 @@ HTTPCookie::HTTPCookie(const std::string& name, const std::string& value):
_value(value), _value(value),
_secure(false), _secure(false),
_maxAge(-1), _maxAge(-1),
_httpOnly(false) _httpOnly(false),
_sameSite(SAME_SITE_NOT_SPECIFIED)
{ {
} }
@ -137,7 +150,8 @@ HTTPCookie::HTTPCookie(const HTTPCookie& cookie):
_priority(cookie._priority), _priority(cookie._priority),
_secure(cookie._secure), _secure(cookie._secure),
_maxAge(cookie._maxAge), _maxAge(cookie._maxAge),
_httpOnly(cookie._httpOnly) _httpOnly(cookie._httpOnly),
_sameSite(cookie._sameSite)
{ {
} }
@ -161,6 +175,7 @@ HTTPCookie& HTTPCookie::operator = (const HTTPCookie& cookie)
_secure = cookie._secure; _secure = cookie._secure;
_maxAge = cookie._maxAge; _maxAge = cookie._maxAge;
_httpOnly = cookie._httpOnly; _httpOnly = cookie._httpOnly;
_sameSite = cookie._sameSite;
} }
return *this; return *this;
} }
@ -226,6 +241,12 @@ void HTTPCookie::setHttpOnly(bool flag)
} }
void HTTPCookie::setSameSite(SameSite value)
{
_sameSite = value;
}
std::string HTTPCookie::toString() const std::string HTTPCookie::toString() const
{ {
std::string result; std::string result;
@ -258,6 +279,20 @@ std::string HTTPCookie::toString() const
result.append("; expires="); result.append("; expires=");
DateTimeFormatter::append(result, ts, DateTimeFormat::HTTP_FORMAT); DateTimeFormatter::append(result, ts, DateTimeFormat::HTTP_FORMAT);
} }
switch (_sameSite)
{
case SAME_SITE_NONE:
result.append("; SameSite=None");
break;
case SAME_SITE_LAX:
result.append("; SameSite=Lax");
break;
case SAME_SITE_STRICT:
result.append("; SameSite=Strict");
break;
case SAME_SITE_NOT_SPECIFIED:
break;
}
if (_secure) if (_secure)
{ {
result.append("; secure"); result.append("; secure");
@ -304,6 +339,20 @@ std::string HTTPCookie::toString() const
NumberFormatter::append(result, _maxAge); NumberFormatter::append(result, _maxAge);
result.append("\""); result.append("\"");
} }
switch (_sameSite)
{
case SAME_SITE_NONE:
result.append("; SameSite=None");
break;
case SAME_SITE_LAX:
result.append("; SameSite=Lax");
break;
case SAME_SITE_STRICT:
result.append("; SameSite=Strict");
break;
case SAME_SITE_NOT_SPECIFIED:
break;
}
if (_secure) if (_secure)
{ {
result.append("; secure"); result.append("; secure");

10
Net/testsuite/src/HTTPCookieTest.cpp
View File

@ -84,6 +84,16 @@ void HTTPCookieTest::testCookie()
assertTrue (cookie.toString() == "name=\"value\"; Comment=\"comment\"; Domain=\"appinf.com\"; Path=\"/\"; Priority=\"Medium\"; Max-Age=\"100\"; HttpOnly; Version=\"1\""); assertTrue (cookie.toString() == "name=\"value\"; Comment=\"comment\"; Domain=\"appinf.com\"; Path=\"/\"; Priority=\"Medium\"; Max-Age=\"100\"; HttpOnly; Version=\"1\"");
cookie.setPriority("High"); cookie.setPriority("High");
assertTrue (cookie.toString() == "name=\"value\"; Comment=\"comment\"; Domain=\"appinf.com\"; Path=\"/\"; Priority=\"High\"; Max-Age=\"100\"; HttpOnly; Version=\"1\""); assertTrue (cookie.toString() == "name=\"value\"; Comment=\"comment\"; Domain=\"appinf.com\"; Path=\"/\"; Priority=\"High\"; Max-Age=\"100\"; HttpOnly; Version=\"1\"");
cookie.setPriority("");
cookie.setSameSite(HTTPCookie::SAME_SITE_NONE);
assertTrue (cookie.toString() == "name=\"value\"; Comment=\"comment\"; Domain=\"appinf.com\"; Path=\"/\"; Max-Age=\"100\"; SameSite=None; HttpOnly; Version=\"1\"");
cookie.setSameSite(HTTPCookie::SAME_SITE_LAX);
assertTrue (cookie.toString() == "name=\"value\"; Comment=\"comment\"; Domain=\"appinf.com\"; Path=\"/\"; Max-Age=\"100\"; SameSite=Lax; HttpOnly; Version=\"1\"");
cookie.setSameSite(HTTPCookie::SAME_SITE_STRICT);
assertTrue (cookie.toString() == "name=\"value\"; Comment=\"comment\"; Domain=\"appinf.com\"; Path=\"/\"; Max-Age=\"100\"; SameSite=Strict; HttpOnly; Version=\"1\"");
cookie.setSameSite(HTTPCookie::SAME_SITE_NOT_SPECIFIED);
assertTrue (cookie.toString() == "name=\"value\"; Comment=\"comment\"; Domain=\"appinf.com\"; Path=\"/\"; Max-Age=\"100\"; HttpOnly; Version=\"1\"");
} }