diff --git a/lib/server.js b/lib/server.js
index 97fe839d1..3fbee3e07 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -323,7 +323,8 @@ Server.prototype.handshake = function (transportName, req) { headers['Set-Cookie'] = cookieMod.serialize(self.cookie, id, { path: self.cookiePath, - httpOnly: self.cookiePath ? self.cookieHttpOnly : false + httpOnly: self.cookiePath ? self.cookieHttpOnly : false, + sameSite: true }); }); }
diff --git a/test/server.js b/test/server.js
index 9da4d109b..0d49c8a5b 100644
--- a/test/server.js
+++ b/test/server.js
@@ -117,7 +117,7 @@ describe('server', function () {
 expect(err).to.be(null);
 // hack-obtain sid
 var sid = res.text.match(/"sid":"([^"]+)"/)[1];
- expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; Path=/; HttpOnly');
+ expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; Path=/; HttpOnly; SameSite=Strict');
 done();
 });
 });
@@ -130,7 +130,7 @@ describe('server', function () {
 .end(function (err, res) {
 expect(err).to.be(null);
 var sid = res.text.match(/"sid":"([^"]+)"/)[1];
- expect(res.headers['set-cookie'][0]).to.be('woot=' + sid + '; Path=/; HttpOnly');
+ expect(res.headers['set-cookie'][0]).to.be('woot=' + sid + '; Path=/; HttpOnly; SameSite=Strict');
 done();
 });
 });
@@ -143,7 +143,7 @@ describe('server', function () {
 .end(function (err, res) {
 expect(err).to.be(null);
 var sid = res.text.match(/"sid":"([^"]+)"/)[1];
- expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; Path=/custom; HttpOnly');
+ expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; Path=/custom; HttpOnly; SameSite=Strict');
 done();
 });
 });
@@ -156,7 +156,7 @@ describe('server', function () {
 .end(function (err, res) {
 expect(err).to.be(null);
 var sid = res.text.match(/"sid":"([^"]+)"/)[1];
- expect(res.headers['set-cookie'][0]).to.be('io=' + sid);
+ expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; SameSite=Strict');
 done();
 });
 });
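Review bot: `sameSite: true` in the `cookieMod.serialize` options of `Server.prototype.handshake` (lib/server.js hunk) is hard-coded, while the neighbouring attributes come from `self.cookiePath` and `self.cookieHttpOnly`, so an operator cannot relax or turn it off. The updated tests show it serialises as `SameSite=Strict`, which means browsers will not attach the cookie to cross-site requests; a deployment that serves the client page from a different site and relies on this cookie (for sticky routing, say) would presumably lose it without any configuration escape. Consider reading the value from a server option that defaults to strict, for example `sameSite: self.cookieSameSite` (a proposed option, name to be chosen), and documenting the default. Separately, no `Secure` attribute is set in this call, so the session id placed in the cookie can still travel over plain HTTP. The handshake function starts and ends outside the hunk.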
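Review bot: Each of the eight updated assertions in test/server.js (the hunk at line 117 and those at 130, 143, 156, 169, 182, 195 and 208) compares the whole `Set-Cookie` value against a hand-built literal, so the `SameSite=Strict` expectation is duplicated eight times and tied to the exact attribute order. A shared helper that builds the expected string from cookie name, sid, path and the httpOnly flag would keep the security attributes asserted in one place, e.g. `expect(res.headers['set-cookie'][0]).to.be(expectedCookie('io', sid, '/', true));` where `expectedCookie` is a proposed new test helper. The enclosing `describe('server', ...)` block and each test body start outside the hunks.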
@@ -169,7 +169,7 @@ describe('server', function () {
 .end(function (err, res) {
 expect(err).to.be(null);
 var sid = res.text.match(/"sid":"([^"]+)"/)[1];
- expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; Path=/; HttpOnly');
+ expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; Path=/; HttpOnly; SameSite=Strict');
 done();
 });
 });
@@ -182,7 +182,7 @@ describe('server', function () {
 .end(function (err, res) {
 expect(err).to.be(null);
 var sid = res.text.match(/"sid":"([^"]+)"/)[1];
- expect(res.headers['set-cookie'][0]).to.be('io=' + sid);
+ expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; SameSite=Strict');
 done();
 });
 });
@@ -195,7 +195,7 @@ describe('server', function () {
 .end(function (err, res) {
 expect(err).to.be(null);
 var sid = res.text.match(/"sid":"([^"]+)"/)[1];
- expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; Path=/');
+ expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; Path=/; SameSite=Strict');
 done();
 });
 });
@@ -208,7 +208,7 @@ describe('server', function () {
 .end(function (err, res) {
 expect(err).to.be(null);
 var sid = res.text.match(/"sid":"([^"]+)"/)[1];
- expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; Path=/; HttpOnly');
+ expect(res.headers['set-cookie'][0]).to.be('io=' + sid + '; Path=/; HttpOnly; SameSite=Strict');
 done();
 });
 });