generic-library/poco
1
0
Fork 0
mirror of https://github.com/pocoproject/poco.git synced 2025-03-03 12:58:03 +01:00
Code Issues Projects Releases Wiki Activity

added support for SameSite cookie attribute

Browse Source
This commit is contained in:
Günter Obiltschnig 2020-01-04 10:15:41 +01:00
parent b9cc21867b
commit 4ec5d35060
3 changed files with 128 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
Net/include/Poco/Net/HTTPCookie.h
View File

@ -45,6 +45,14 @@ class Net_API HTTPCookie
/// using Version 0 to ensure the best interoperability.
{
public:
enum SameSite
{
SAME_SITE_NOT_SPECIFIED,
SAME_SITE_NONE,
SAME_SITE_LAX,
SAME_SITE_STRICT
};
HTTPCookie();
/// Creates an empty HTTPCookie.
@ -157,6 +165,12 @@ public:
bool getHttpOnly() const;
/// Returns true iff the cookie's HttpOnly flag is set.
void setSameSite(SameSite value);
/// Sets the cookie's SameSite attribute.
SameSite getSameSite() const;
/// Returns the cookie's SameSite attribute.
std::string toString() const;
/// Returns a string representation of the cookie,
/// suitable for use in a Set-Cookie header.
@ -200,6 +214,7 @@ private:
bool _secure;
int _maxAge;
bool _httpOnly;
SameSite _sameSite;
};
@ -266,6 +281,12 @@ inline bool HTTPCookie::getHttpOnly() const
}
inline HTTPCookie::SameSite HTTPCookie::getSameSite() const
{
return _sameSite;
}
} } // namespace Poco::Net

59
Net/src/HTTPCookie.cpp
View File

@ -43,7 +43,8 @@ HTTPCookie::HTTPCookie():
_version(0),
_secure(false),
_maxAge(-1),
_httpOnly(false)
_httpOnly(false),
_sameSite(SAME_SITE_NOT_SPECIFIED)
{
}
@ -53,7 +54,8 @@ HTTPCookie::HTTPCookie(const std::string& name):
_name(name),
_secure(false),
_maxAge(-1),
_httpOnly(false)
_httpOnly(false),
_sameSite(SAME_SITE_NOT_SPECIFIED)
{
}
@ -62,7 +64,8 @@ HTTPCookie::HTTPCookie(const NameValueCollection& nvc):
_version(0),
_secure(false),
_maxAge(-1),
_httpOnly(false)
_httpOnly(false),
_sameSite(SAME_SITE_NOT_SPECIFIED)
{
for (NameValueCollection::ConstIterator it = nvc.begin(); it != nvc.end(); ++it)
{
@ -99,6 +102,15 @@ HTTPCookie::HTTPCookie(const NameValueCollection& nvc):
Timestamp now;
setMaxAge((int) ((exp.timestamp() - now) / Timestamp::resolution()));
}
else if (icompare(name, "SameSite") == 0)
{
if (icompare(value, "None") == 0)
_sameSite = SAME_SITE_NONE;
else if (icompare(value, "Lax") == 0)
_sameSite = SAME_SITE_LAX;
else if (icompare(value, "Strict") == 0)
_sameSite = SAME_SITE_STRICT;
}
else if (icompare(name, "version") == 0)
{
setVersion(NumberParser::parse(value));
@ -122,7 +134,8 @@ HTTPCookie::HTTPCookie(const std::string& name, const std::string& value):
_value(value),
_secure(false),
_maxAge(-1),
_httpOnly(false)
_httpOnly(false),
_sameSite(SAME_SITE_NOT_SPECIFIED)
{
}
@ -137,7 +150,8 @@ HTTPCookie::HTTPCookie(const HTTPCookie& cookie):
_priority(cookie._priority),
_secure(cookie._secure),
_maxAge(cookie._maxAge),
_httpOnly(cookie._httpOnly)
_httpOnly(cookie._httpOnly),
_sameSite(cookie._sameSite)
{
}
@ -161,6 +175,7 @@ HTTPCookie& HTTPCookie::operator = (const HTTPCookie& cookie)
_secure = cookie._secure;
_maxAge = cookie._maxAge;
_httpOnly = cookie._httpOnly;
_sameSite = cookie._sameSite;
}
return *this;
}
@ -226,6 +241,12 @@ void HTTPCookie::setHttpOnly(bool flag)
}
void HTTPCookie::setSameSite(SameSite value)
{
_sameSite = value;
}
std::string HTTPCookie::toString() const
{
std::string result;
@ -258,6 +279,20 @@ std::string HTTPCookie::toString() const
result.append("; expires=");
DateTimeFormatter::append(result, ts, DateTimeFormat::HTTP_FORMAT);
}
switch (_sameSite)
{
case SAME_SITE_NONE:
result.append("; SameSite=None");
break;
case SAME_SITE_LAX:
result.append("; SameSite=Lax");
break;
case SAME_SITE_STRICT:
result.append("; SameSite=Strict");
break;
case SAME_SITE_NOT_SPECIFIED:
break;
}
if (_secure)
{
result.append("; secure");
@ -304,6 +339,20 @@ std::string HTTPCookie::toString() const
NumberFormatter::append(result, _maxAge);
result.append("\"");
}
switch (_sameSite)
{
case SAME_SITE_NONE:
result.append("; SameSite=None");
break;
case SAME_SITE_LAX:
result.append("; SameSite=Lax");
break;
case SAME_SITE_STRICT:
result.append("; SameSite=Strict");
break;
case SAME_SITE_NOT_SPECIFIED:
break;
}
if (_secure)
{
result.append("; secure");

10
Net/testsuite/src/HTTPCookieTest.cpp
View File

@ -84,6 +84,16 @@ void HTTPCookieTest::testCookie()
assertTrue (cookie.toString() == "name=\"value\"; Comment=\"comment\"; Domain=\"appinf.com\"; Path=\"/\"; Priority=\"Medium\"; Max-Age=\"100\"; HttpOnly; Version=\"1\"");
cookie.setPriority("High");
assertTrue (cookie.toString() == "name=\"value\"; Comment=\"comment\"; Domain=\"appinf.com\"; Path=\"/\"; Priority=\"High\"; Max-Age=\"100\"; HttpOnly; Version=\"1\"");
cookie.setPriority("");
cookie.setSameSite(HTTPCookie::SAME_SITE_NONE);
assertTrue (cookie.toString() == "name=\"value\"; Comment=\"comment\"; Domain=\"appinf.com\"; Path=\"/\"; Max-Age=\"100\"; SameSite=None; HttpOnly; Version=\"1\"");
cookie.setSameSite(HTTPCookie::SAME_SITE_LAX);
assertTrue (cookie.toString() == "name=\"value\"; Comment=\"comment\"; Domain=\"appinf.com\"; Path=\"/\"; Max-Age=\"100\"; SameSite=Lax; HttpOnly; Version=\"1\"");
cookie.setSameSite(HTTPCookie::SAME_SITE_STRICT);
assertTrue (cookie.toString() == "name=\"value\"; Comment=\"comment\"; Domain=\"appinf.com\"; Path=\"/\"; Max-Age=\"100\"; SameSite=Strict; HttpOnly; Version=\"1\"");
cookie.setSameSite(HTTPCookie::SAME_SITE_NOT_SPECIFIED);
assertTrue (cookie.toString() == "name=\"value\"; Comment=\"comment\"; Domain=\"appinf.com\"; Path=\"/\"; Max-Age=\"100\"; HttpOnly; Version=\"1\"");
}