From 4dcecd907b64e9cff3bd2dbc4143bf0cafb0ba72 Mon Sep 17 00:00:00 2001
From: Bruno Bigras <bigras.bruno@gmail.com>
Date: Fri, 25 May 2018 19:15:00 -0400
Subject: [PATCH] Add same-site to CookieSessionBackend

closes #247
---
 src/middleware/session.rs | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/middleware/session.rs b/src/middleware/session.rs
index ba385d83..3e6e9890 100644
--- a/src/middleware/session.rs
+++ b/src/middleware/session.rs
@@ -69,7 +69,7 @@ use std::marker::PhantomData;
 use std::rc::Rc;
 use std::sync::Arc;
 
-use cookie::{Cookie, CookieJar, Key};
+use cookie::{Cookie, CookieJar, Key, SameSite};
 use futures::future::{err as FutErr, ok as FutOk, FutureResult};
 use futures::Future;
 use http::header::{self, HeaderValue};
@@ -367,6 +367,7 @@ struct CookieSessionInner {
     domain: Option<String>,
     secure: bool,
     max_age: Option<Duration>,
+    same_site: Option<SameSite>,
 }
 
 impl CookieSessionInner {
@@ -379,6 +380,7 @@ impl CookieSessionInner {
             domain: None,
             secure: true,
             max_age: None,
+            same_site: None,
         }
     }
 
@@ -404,6 +406,10 @@ impl CookieSessionInner {
             cookie.set_max_age(max_age);
         }
 
+        if let Some(same_site) = self.same_site {
+            cookie.set_same_site(same_site);
+        }
+
         let mut jar = CookieJar::new();
 
         match self.security {
@@ -531,6 +537,12 @@ impl CookieSessionBackend {
         self
     }
 
+    /// Sets the `same_site` field in the session cookie being built.
+    pub fn same_site(mut self, value: SameSite) -> CookieSessionBackend {
+        Rc::get_mut(&mut self.0).unwrap().same_site = Some(value);
+        self
+    }
+
     /// Sets the `max-age` field in the session cookie being built.
     pub fn max_age(mut self, value: Duration) -> CookieSessionBackend {
         Rc::get_mut(&mut self.0).unwrap().max_age = Some(value);