Support SameSite value "None" cookie attribute (#581)

* Support SameSite value "None" cookie attribute

* Fix typo in CookieSameSiteNoneMode comment

* fix comment for SameSite None

1 files changed, 16 insertions, 0 deletions

diff --git a/cookie.go b/cookie.go
index 8137643..fb6618a 100644
--- a/cookie.go
+++ b/cookie.go
@@ -31,6 +31,9 @@ const (
 	CookieSameSiteLaxMode
 	// CookieSameSiteStrictMode sets the SameSite flag with the "Strict" parameter
 	CookieSameSiteStrictMode
+	// CookieSameSiteNoneMode sets the SameSite flag with the "None" parameter
+	// see https://tools.ietf.org/html/draft-west-cookie-incrementalism-00
+	CookieSameSiteNoneMode
 )
 
 // AcquireCookie returns an empty Cookie object from the pool.
@@ -119,8 +122,12 @@ func (c *Cookie) SameSite() CookieSameSite {
 }
 
 // SetSameSite sets the cookie's SameSite flag to the given value.
+// set value CookieSameSiteNoneMode will set Secure to true also to avoid browser rejection
 func (c *Cookie) SetSameSite(mode CookieSameSite) {
 	c.sameSite = mode
+	if mode == CookieSameSiteNoneMode {
+		c.SetSecure(true)
+	}
 }
 
 // Path returns cookie path.
@@ -288,6 +295,11 @@ func (c *Cookie) AppendBytes(dst []byte) []byte {
 		dst = append(dst, strCookieSameSite...)
 		dst = append(dst, '=')
 		dst = append(dst, strCookieSameSiteStrict...)
+	case CookieSameSiteNoneMode:
+		dst = append(dst, ';', ' ')
+		dst = append(dst, strCookieSameSite...)
+		dst = append(dst, '=')
+		dst = append(dst, strCookieSameSiteNone...)
 	}
 	return dst
 }
@@ -386,6 +398,10 @@ func (c *Cookie) ParseBytes(src []byte) error {
 						if caseInsensitiveCompare(strCookieSameSiteStrict, kv.value) {
 							c.sameSite = CookieSameSiteStrictMode
 						}
+					case 'n': // "none"
+						if caseInsensitiveCompare(strCookieSameSiteNone, kv.value) {
+							c.sameSite = CookieSameSiteNoneMode
+						}
 					}
 				}
 			}