can't set 'none' to samesite

cloudflare / lua-resty-cookie

Lua library for HTTP cookie manipulations for OpenResty/ngx_lua

347 stars 160 forks source link

can't set 'none' to samesite #31

Closed tyiss closed 4 years ago

tyiss commented 4 years ago

The code is limiting the possible values of samesite attribute to either 'Strict' or 'Lax'. however there is another possible value: none. https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#SameSite_cookies

eberbis commented 4 years ago

Following up @tyiss comment, I came across the same issue. Anything different than Strict or Lax is currently considered as invalid. I have implemented a change to allow for None.

@p0pr0ck5, would you or any contributor have some time to review it? https://github.com/cloudflare/lua-resty-cookie/pull/32

Thanks in advance

jdesgats commented 4 years ago

I just merged the PR #32 mentioned by @eberbisl. This issue should be fixed now.