Merge pull request #31124 from geoand/#31122

Add support for SameSite for cookies
quarkusio · Feb 13, 2023 · 3113c0b · 3113c0b
2 parents f9dc74f + f9565b7
commit 3113c0b
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 6 deletions.
diff --git a/...ime/src/main/java/org/jboss/resteasy/reactive/common/headers/NewCookieHeaderDelegate.java b/...ime/src/main/java/org/jboss/resteasy/reactive/common/headers/NewCookieHeaderDelegate.java
@@ -32,6 +32,7 @@ public Object fromString(String newCookie) throws IllegalArgumentException {
         boolean secure = false;
         int version = NewCookie.DEFAULT_VERSION;
         boolean httpOnly = false;
+        NewCookie.SameSite sameSite = null;
         Date expiry = null;
 
         OrderedParameterParser parser = new OrderedParameterParser();
@@ -59,6 +60,8 @@ public Object fromString(String newCookie) throws IllegalArgumentException {
                 version = Integer.parseInt(value);
             } else if (name.equalsIgnoreCase("HttpOnly")) {
                 httpOnly = true;
+            } else if (name.equalsIgnoreCase("SameSite")) {
+                sameSite = NewCookie.SameSite.valueOf(value.toUpperCase());
             } else if (name.equalsIgnoreCase("Expires")) {
                 try {
                     expiry = new SimpleDateFormat(OLD_COOKIE_PATTERN, Locale.US).parse(value);
@@ -71,7 +74,18 @@ public Object fromString(String newCookie) throws IllegalArgumentException {
             cookieValue = "";
         }
 
-        return new NewCookie(cookieName, cookieValue, path, domain, version, comment, maxAge, expiry, secure, httpOnly);
+        return new NewCookie.Builder(cookieName)
+                .value(cookieValue)
+                .path(path)
+                .domain(domain)
+                .version(version)
+                .comment(comment)
+                .maxAge(maxAge)
+                .expiry(expiry)
+                .secure(secure)
+                .httpOnly(httpOnly)
+                .sameSite(sameSite)
+                .build();
 
     }
 
@@ -124,6 +138,10 @@ public String toString(Object value) {
             b.append(";Secure");
         if (cookie.isHttpOnly())
             b.append(";HttpOnly");
+        if (cookie.getSameSite() != null) {
+            b.append(";SameSite=");
+            b.append(cookie.getSameSite());
+        }
         return b.toString();
     }
 }
diff --git a/...ertx/src/test/java/org/jboss/resteasy/reactive/server/vertx/test/headers/CookiesTest.java b/...ertx/src/test/java/org/jboss/resteasy/reactive/server/vertx/test/headers/CookiesTest.java
@@ -108,29 +108,29 @@ void testSameSite() {
                 .formParam("cookie", "greeting=\"hello\";SameSite=\"Lax\";")
                 .post("/cookies/set-cookie")
                 .then()
-                .cookie("greeting", detailedCookie().value("hello"));
+                .cookie("greeting", detailedCookie().value("hello").sameSite("LAX"));
     }
 
     @Test
     void testSameSiteWithoutColon() {
         given()
                 .when()
                 .urlEncodingEnabled(true)
-                .formParam("cookie", "greeting=\"hello\";SameSite=\"Lax\"")
+                .formParam("cookie", "greeting=\"hello\";SameSite=\"None\"")
                 .post("/cookies/set-cookie")
                 .then()
-                .cookie("greeting", detailedCookie().value("hello"));
+                .cookie("greeting", detailedCookie().value("hello").sameSite("NONE"));
     }
 
     @Test
     void testSameSiteLowercase() {
         given()
                 .when()
                 .urlEncodingEnabled(true)
-                .formParam("cookie", "greeting=\"hello\";samesite=\"Lax\"")
+                .formParam("cookie", "greeting=\"hello\";samesite=\"Strict\"")
                 .post("/cookies/set-cookie")
                 .then()
-                .cookie("greeting", detailedCookie().value("hello"));
+                .cookie("greeting", detailedCookie().value("hello").sameSite("STRICT"));
     }
 
     @Test