[CSL-2699] Add secure and samesite (#43)

esezen · web-flow · commit 236fe0345ae3 · 2023-08-14T12:36:30.000-04:00
diff --git a/spec/006-cookies.js b/spec/006-cookies.js
@@ -22,6 +22,42 @@ describe('ConstructorioID', function () {
       var cookieData =  session.set_cookie('mewantcookie', 'meeatcookie');
       expect(cookieData).to.match(/mewantcookie=meeatcookie; expires=.*; path=\//);
     });
+
+    it('should create a cookie without secure flag using defaults', function () {
+      var session = new ConstructorioID();
+      var cookieData =  session.set_cookie('mewantcookie', 'meeatcookie');
+      expect(cookieData).to.not.match(/mewantcookie=meeatcookie; expires=.*; path=\/; secure/);
+    });
+
+    it('should create a cookie with secure flag', function () {
+      var session = new ConstructorioID({ cookie_secure: true });
+      var cookieData =  session.set_cookie('mewantcookie', 'meeatcookie');
+      expect(cookieData).to.match(/mewantcookie=meeatcookie; expires=.*; path=\/; secure/);
+    });
+
+    it('should create a cookie without samesite flag using defaults', function () {
+      var session = new ConstructorioID();
+      var cookieData =  session.set_cookie('mewantcookie', 'meeatcookie');
+      expect(cookieData).to.not.match(/mewantcookie=meeatcookie; expires=.*; path=\/; samesite/);
+    });
+
+    it('should create a cookie with samesite flag', function () {
+      var session = new ConstructorioID({ cookie_samesite: 'strict' });
+      var cookieData =  session.set_cookie('mewantcookie', 'meeatcookie');
+      expect(cookieData).to.match(/mewantcookie=meeatcookie; expires=.*; path=\/; samesite=strict/);
+    });
+
+    it('should create a cookie with samesite flag', function () {
+      var session = new ConstructorioID({ cookie_samesite: 'lax' });
+      var cookieData =  session.set_cookie('mewantcookie', 'meeatcookie');
+      expect(cookieData).to.match(/mewantcookie=meeatcookie; expires=.*; path=\/; samesite=lax/);
+    });
+
+    it('should create a cookie with samesite and secure flags', function () {
+      var session = new ConstructorioID({ cookie_samesite: 'strict', cookie_secure: true });
+      var cookieData =  session.set_cookie('mewantcookie', 'meeatcookie');
+      expect(cookieData).to.match(/mewantcookie=meeatcookie; expires=.*; path=\/; secure; samesite=strict/);
+    });
   });
 
   describe('get_cookie', function () {
diff --git a/src/constructorio-id.js b/src/constructorio-id.js
@@ -11,6 +11,8 @@
       cookie_name_session_id: 'ConstructorioID_session_id',
       cookie_name_session_data: 'ConstructorioID_session',
       cookie_domain: null,
+      cookie_secure: null, // null, true
+      cookie_samesite: null, // null, Lax, Strict
       cookie_days_to_live: 365,
       local_name_client_id: '_constructorio_search_client_id',
       local_name_session_id: '_constructorio_search_session_id',
@@ -61,6 +63,12 @@
       if (this.cookie_domain) {
         cookie_data += '; domain=' + this.cookie_domain;
       }
+      if (this.cookie_secure) {
+        cookie_data += '; secure';
+      }
+      if (this.cookie_samesite) {
+        cookie_data += '; samesite=' + this.cookie_samesite;
+      }
       document.cookie = cookie_data;
 
       // For testing purposes
