From ae22ff04415c2ef05d9fc73d4eb2243478640c81 Mon Sep 17 00:00:00 2001
From: Dan Goodliffe <dan@randomdan.homeip.net>
Date: Sat, 18 Jan 2020 15:43:36 +0000
Subject: Set samesite=strict on cookies

---
 icespider/core/ihttpRequest.cpp  | 1 +
 icespider/unittests/testFcgi.cpp | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/icespider/core/ihttpRequest.cpp b/icespider/core/ihttpRequest.cpp
index 13fc447..bb0b7af 100644
--- a/icespider/core/ihttpRequest.cpp
+++ b/icespider/core/ihttpRequest.cpp
@@ -153,6 +153,7 @@ namespace IceSpider {
 		if (s){
 			"; secure"_fmt(o);
 		}
+		"; samesite=strict"_fmt(o);
 		setHeader(H::SET_COOKIE, o.str());
 	}
 
diff --git a/icespider/unittests/testFcgi.cpp b/icespider/unittests/testFcgi.cpp
index c7b239e..d8c1b0f 100644
--- a/icespider/unittests/testFcgi.cpp
+++ b/icespider/unittests/testFcgi.cpp
@@ -377,7 +377,7 @@ BOOST_AUTO_TEST_CASE( cookies )
 	BOOST_REQUIRE_EQUAL("Something with spaces.", *r.IceSpider::IHttpRequest::getCookieParam<std::string>("value B"));
 	BOOST_REQUIRE(!r.IceSpider::IHttpRequest::getCookieParam<Ice::Int>("notAThing"));
 	r.setCookie("some int.", 1234, "www.com"s, "/dir"s, true, 1476142378);
-	BOOST_REQUIRE_EQUAL("Set-Cookie: some+int%2e=1234; expires=Mon, 10 Oct 2016 23:32:58 GMT; domain=www.com; path=/dir; secure\r\n", r.out.str());
+	BOOST_REQUIRE_EQUAL("Set-Cookie: some+int%2e=1234; expires=Mon, 10 Oct 2016 23:32:58 GMT; domain=www.com; path=/dir; secure; samesite=strict\r\n", r.out.str());
 }
 
 BOOST_AUTO_TEST_CASE( response )
-- 
cgit v1.2.3