lib/rack/utils.rb in rack-1.6.4 vs lib/rack/utils.rb in rack-1.6.5
- old
+ new
@@ -309,15 +309,26 @@
# RFC 6265
expires = "; expires=" +
rfc2822(value[:expires].clone.gmtime) if value[:expires]
secure = "; secure" if value[:secure]
httponly = "; HttpOnly" if (value.key?(:httponly) ? value[:httponly] : value[:http_only])
+ same_site =
+ case value[:same_site]
+ when false, nil
+ nil
+ when :lax, 'Lax', :Lax
+ '; SameSite=Lax'.freeze
+ when true, :strict, 'Strict', :Strict
+ '; SameSite=Strict'.freeze
+ else
+ raise ArgumentError, "Invalid SameSite value: #{value[:same_site].inspect}"
+ end
value = value[:value]
end
value = [value] unless Array === value
cookie = escape(key) + "=" +
value.map { |v| escape v }.join("&") +
- "#{domain}#{path}#{max_age}#{expires}#{secure}#{httponly}"
+ "#{domain}#{path}#{max_age}#{expires}#{secure}#{httponly}#{same_site}"
case header["Set-Cookie"]
when nil, ''
header["Set-Cookie"] = cookie
when String
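Review bot: The string forms of `:same_site` are matched case-sensitively in the added `case`, so `'lax'` or `'strict'` (for example from a configuration file) fall into the `else` branch and raise `ArgumentError` while the `Set-Cookie` header is being built. Raising on an unrecognised value is a sound fail-closed choice, but nothing in the hunk documents the accepted set, or that `true` means Strict and that `false`/`nil` emit no attribute, which leaves the cookie on the browser's default cross-site behaviour. I would add a comment above the `case`, such as `# :same_site => :lax/'Lax' | true/:strict/'Strict'; false/nil omits SameSite; anything else raises ArgumentError`. If lowercase strings are meant to be accepted, they should be listed in the `when` clauses explicitly rather than left to raise at response time. The enclosing method begins and ends outside this hunk, so how callers validate the option earlier is not visible here.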