Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Issue #3040 - Allow RFC6265 Cookies to include optional SameSite attribute 

Signed-off-by: Bruce MacDonald <brucewmacdonald@gmail.com>
This commit is contained in:
Bruce 2019-08-08 20:47:58 -07:00 committed by Greg Wilkins
parent 44986be6c0
commit 216f71469b
2 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
jetty-http/src/main/java/org/eclipse/jetty/http/HttpCookie.java
View File

@ -29,6 +29,21 @@ public class HttpCookie
private static final String __COOKIE_DELIM = "\",;\\ \t";
private static final String __01Jan1970_COOKIE = DateGenerator.formatCookieDate(0).trim();
public enum SameSite
{
EXCLUDED("Excluded"), NONE("None"), STRICT("Strict"), LAX("Lax");
private String attributeValue;
SameSite(String attributeValue) {
this.attributeValue = attributeValue;
}
@Override
public String toString(){
return this.attributeValue;
}
}
private final String _name;
private final String _value;
private final String _comment;
@ -39,6 +54,7 @@ public class HttpCookie
private final int _version;
private final boolean _httpOnly;
private final long _expiration;
private final SameSite _sameSite;
public HttpCookie(String name, String value)
{
@ -61,6 +77,11 @@ public class HttpCookie
}
public HttpCookie(String name, String value, String domain, String path, long maxAge, boolean httpOnly, boolean secure, String comment, int version)
{
this(name, value, domain, path, maxAge, httpOnly, secure, comment, version, SameSite.EXCLUDED);
}
public HttpCookie(String name, String value, String domain, String path, long maxAge, boolean httpOnly, boolean secure, String comment, int version, SameSite sameSite)
{
_name = name;
_value = value;
@ -72,6 +93,7 @@ public class HttpCookie
_comment = comment;
_version = version;
_expiration = maxAge < 0 ? -1 : System.nanoTime() + TimeUnit.SECONDS.toNanos(maxAge);
_sameSite = sameSite;
}
public HttpCookie(String setCookie)
@ -92,6 +114,8 @@ public class HttpCookie
_comment = cookie.getComment();
_version = cookie.getVersion();
_expiration = _maxAge < 0 ? -1 : System.nanoTime() + TimeUnit.SECONDS.toNanos(_maxAge);
// TODO support for SameSite values has not yet been added to java.net.HttpCookie
_sameSite = SameSite.EXCLUDED;
}
/**
@ -158,6 +182,14 @@ public class HttpCookie
return _version;
}
/**
* @return the cookie SameSite enum attribute
*/
public SameSite getSameSite()
{
return _sameSite;
}
/**
* @return whether the cookie is valid for the http protocol only
*/
@ -366,6 +398,12 @@ public class HttpCookie
buf.append("; Secure");
if (_httpOnly)
buf.append("; HttpOnly");
if (_sameSite != SameSite.EXCLUDED)
{
buf.append("; SameSite=");
buf.append(_sameSite.toString());
}
return buf.toString();
}

4
jetty-http/src/test/java/org/eclipse/jetty/http/HttpCookieTest.java
View File

@ -90,6 +90,10 @@ public class HttpCookieTest
httpCookie = new HttpCookie("everything", "value", "domain", "path", 0, true, true, null, -1);
assertEquals("everything=value; Path=path; Domain=domain; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; HttpOnly", httpCookie.getRFC6265SetCookie());
httpCookie = new HttpCookie("everything", "value", "domain", "path", 0, true, true, null, -1, HttpCookie.SameSite.NONE);
assertEquals("everything=value; Path=path; Domain=domain; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; HttpOnly; SameSite=None", httpCookie.getRFC6265SetCookie());
String[] badNameExamples = {
"\"name\"",
"name\t",