Add SameSite option to identity middleware cookie (#581)

CHANGES.md

@@ -9,6 +9,7 @@
 ### Added
 
 * Add method to configure custom error handler to `Query` and `Path` extractors.
+* Add method to configure `SameSite` option in `CookieIdentityPolicy`.
 
 ## [0.7.13] - 2018-10-14
 

src/middleware/identity.rs

@@ -48,7 +48,7 @@
 //! ```
 use std::rc::Rc;
 
-use cookie::{Cookie, CookieJar, Key};
+use cookie::{Cookie, CookieJar, Key, SameSite};
 use futures::future::{err as FutErr, ok as FutOk, FutureResult};
 use futures::Future;
 use time::Duration;
@@ -237,6 +237,7 @@ struct CookieIdentityInner {
     domain: Option<String>,
     secure: bool,
     max_age: Option<Duration>,
+    same_site: Option<SameSite>,
 }
 
 impl CookieIdentityInner {
@@ -248,6 +249,7 @@ impl CookieIdentityInner {
             domain: None,
             secure: true,
             max_age: None,
+            same_site: None,
         }
     }
 
@@ -268,6 +270,10 @@ impl CookieIdentityInner {
                 cookie.set_max_age(max_age);
             }
 
+            if let Some(same_site) = self.same_site {
+                cookie.set_same_site(same_site);
+            }
+
             let mut jar = CookieJar::new();
             if some {
                 jar.private(&self.key).add(cookie);
@@ -370,6 +376,12 @@ impl CookieIdentityPolicy {
         Rc::get_mut(&mut self.0).unwrap().max_age = Some(value);
         self
     }
+
+    /// Sets the `same_site` field in the session cookie being built.
+    pub fn same_site(mut self, same_site: SameSite) -> Self {
+        Rc::get_mut(&mut self.0).unwrap().same_site = Some(same_site);
+        self
+    }
 }
 
 impl<S> IdentityPolicy<S> for CookieIdentityPolicy {