Added support for SameSite cookie flag

2025-10-20 00:02:16 +08:00 · 2018-10-29 08:58:11 +00:00 · 2018-10-29 08:58:11 +00:00 · 1133e83701
commit 1133e83701
parent c65e5efc9a
2 changed files with 4 additions and 3 deletions
--- a/context.go
+++ b/context.go
@ -686,7 +686,7 @@ func (c *Context) GetRawData() ([]byte, error) {
 // SetCookie adds a Set-Cookie header to the ResponseWriter's headers.
 // The provided cookie must have a valid Name. Invalid cookies may be
 // silently dropped.
-func (c *Context) SetCookie(name, value string, maxAge int, path, domain string, secure, httpOnly bool) {
+func (c *Context) SetCookie(name, value string, maxAge int, path, domain string, secure, httpOnly bool, sameSite string) {
 	if path == "" {
 		path = "/"
 	}
@ -698,6 +698,7 @@ func (c *Context) SetCookie(name, value string, maxAge int, path, domain string,
 		Domain:   domain,
 		Secure:   secure,
 		HttpOnly: httpOnly,
+		SameSite: sameSite,
 	})
 }

--- a/context_test.go
+++ b/context_test.go
@ -580,13 +580,13 @@ func TestContextPostFormMultipart(t *testing.T) {
 func TestContextSetCookie(t *testing.T) {
 	c, _ := CreateTestContext(httptest.NewRecorder())
 	c.SetCookie("user", "gin", 1, "/", "localhost", true, true)
-	assert.Equal(t, "user=gin; Path=/; Domain=localhost; Max-Age=1; HttpOnly; Secure", c.Writer.Header().Get("Set-Cookie"))
+	assert.Equal(t, "user=gin; Path=/; Domain=localhost; Max-Age=1; HttpOnly; SameSite=Lax; Secure", c.Writer.Header().Get("Set-Cookie"))
 }

 func TestContextSetCookiePathEmpty(t *testing.T) {
 	c, _ := CreateTestContext(httptest.NewRecorder())
 	c.SetCookie("user", "gin", 1, "", "localhost", true, true)
-	assert.Equal(t, "user=gin; Path=/; Domain=localhost; Max-Age=1; HttpOnly; Secure", c.Writer.Header().Get("Set-Cookie"))
+	assert.Equal(t, "user=gin; Path=/; Domain=localhost; Max-Age=1; HttpOnly; SameSite=Lax; Secure", c.Writer.Header().Get("Set-Cookie"))
 }

 func TestContextGetCookie(t *testing.T) {