From 4dcecd907b64e9cff3bd2dbc4143bf0cafb0ba72 Mon Sep 17 00:00:00 2001 From: Bruno Bigras Date: Fri, 25 May 2018 19:15:00 -0400 Subject: [PATCH] Add same-site to CookieSessionBackend closes #247 --- src/middleware/session.rs | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/middleware/session.rs b/src/middleware/session.rs index ba385d83e..3e6e98906 100644 --- a/src/middleware/session.rs +++ b/src/middleware/session.rs @@ -69,7 +69,7 @@ use std::marker::PhantomData; use std::rc::Rc; use std::sync::Arc; -use cookie::{Cookie, CookieJar, Key}; +use cookie::{Cookie, CookieJar, Key, SameSite}; use futures::future::{err as FutErr, ok as FutOk, FutureResult}; use futures::Future; use http::header::{self, HeaderValue}; @@ -367,6 +367,7 @@ struct CookieSessionInner { domain: Option, secure: bool, max_age: Option, + same_site: Option, } impl CookieSessionInner { @@ -379,6 +380,7 @@ impl CookieSessionInner { domain: None, secure: true, max_age: None, + same_site: None, } } @@ -404,6 +406,10 @@ impl CookieSessionInner { cookie.set_max_age(max_age); } + if let Some(same_site) = self.same_site { + cookie.set_same_site(same_site); + } + let mut jar = CookieJar::new(); match self.security { @@ -531,6 +537,12 @@ impl CookieSessionBackend { self } + /// Sets the `same_site` field in the session cookie being built. + pub fn same_site(mut self, value: SameSite) -> CookieSessionBackend { + Rc::get_mut(&mut self.0).unwrap().same_site = Some(value); + self + } + /// Sets the `max-age` field in the session cookie being built. pub fn max_age(mut self, value: Duration) -> CookieSessionBackend { Rc::get_mut(&mut self.0).unwrap().max_age = Some(value);