webmcp
changeset 551:a0f1a4e76556
Support SameSite cookies
author | jbe |
---|---|
date | Mon Dec 09 15:54:41 2019 +0100 (2019-12-09) |
parents | 59d2aaa6df07 |
children | 7e874b5227b6 |
files | framework/env/request/set_cookie.lua |
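--- a/framework/env/request/set_cookie.lua Wed Oct 23 19:32:40 2019 +0200
+++ b/framework/env/request/set_cookie.lua Mon Dec 09 15:54:41 2019 +0100
@@ -1,10 +1,11 @@
 --[[--
 request.set_cookie{
- name = name, -- name of cookie
- value = value, -- value of cookie
- domain = domain, -- optional domain domain where cookie is transmitted
- path = path, -- optional path where cookie is transmitted, defaults to application base
- secure = secure -- optional boolean, indicating if cookie should only be transmitted over HTTPS
+ name = name, -- name of cookie
+ value = value, -- value of cookie
+ domain = domain, -- optional domain domain where cookie is transmitted
+ path = path, -- optional path where cookie is transmitted, defaults to application base
+ secure = secure, -- optional boolean, indicating if cookie should only be transmitted over HTTPS
+ samesite = samesite -- SameSite policy set to "strict", "lax", or "none" (all lower-case, defaults to "lax")
 }
 
 This function is similar to rocketwiki.set_cookie{...}, except that it automatically sets the path to the application base. It also sets secure=true, if the secure option is unset and the application base URL starts with "https://".
@@ -52,5 +53,14 @@
 if args.secure then
 parts[#parts+1] = "secure"
 end
+ if args.samesite == "strict" then
+ parts[#parts+1] = "SameSite=Strict"
+ elseif args.samesite == "lax" or args.samesite == nil then
+ parts[#parts+1] = "SameSite=Lax"
+ elseif args.samesite == "none" then
+ parts[#parts+1] = "SameSite=None"
+ else
+ error("Cookie SameSite policy set to unsupported value")
+ end
 request.add_header("Set-Cookie", table.concat(parts, "; "))
 end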
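Review bot: The `"none"` branch in the second hunk emits `SameSite=None` even when `args.secure` is false, and browsers that enforce the newer SameSite rules discard a `SameSite=None` cookie that lacks the `Secure` attribute, so such a cookie would silently never be stored. Going by the docstring, `secure` is only defaulted to true when the application base URL starts with "https://", so this can happen on a plain-HTTP base or with an explicit `secure = false`; the defaulting code sits between the two hunks and is not visible here. I would reject the combination inside that branch with `if not args.secure then error("Cookie SameSite policy \"none\" requires a secure cookie") end`, and note the requirement on the `samesite` line of the header comment. The docstring should also say that callers passing no `samesite` now get `SameSite=Lax`, since that changes behaviour for existing cross-site flows.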