Skip to content

Commit

Permalink
Add "partitioned" option for CHIPS support
Browse files Browse the repository at this point in the history
  • Loading branch information
Matt Neal authored and dougwilson committed Dec 28, 2023
1 parent 2fb212e commit 5c9dec9
Show file tree
Hide file tree
Showing 5 changed files with 56 additions and 0 deletions.
1 change: 1 addition & 0 deletions HISTORY.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
unreleased
==========

* Add `partitioned` option for CHIPS support
* Add `priority` option for Priority cookie support
* Fix accidental cookie name/value truncation when given invalid chars
* Fix `maxAge` option to reject invalid values
Expand Down
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ If the _options_ object is provided, it will be used to generate the outbound co
* `domain`: a string indicating the domain of the cookie (no default).
* `secure`: a boolean indicating whether the cookie is only to be sent over HTTPS (`false` by default for HTTP, `true` by default for HTTPS). [Read more about this option below](#secure-cookies).
* `httpOnly`: a boolean indicating whether the cookie is only to be sent over HTTP(S), and not made available to client JavaScript (`true` by default).
* `partitioned`: a boolean indicating whether to partition the cookie in Chrome for the [CHIPS Update](https://developers.google.com/privacy-sandbox/3pcd/chips) (`false` by default). If this is true, Cookies from embedded sites will be partitioned and only readable from the same top level site from which it was created.
* `priority`: a string indicating the cookie priority. This can be set to `'low'`, `'medium'`, or `'high'`.
* `sameSite`: a boolean or string indicating whether the cookie is a "same site" cookie (`false` by default). This can be set to `'strict'`, `'lax'`, `'none'`, or `true` (which maps to `'strict'`).
* `signed`: a boolean indicating whether the cookie is to be signed (`false` by default). If this is true, another cookie of the same name with the `.sig` suffix appended will also be sent, with a 27-byte url-safe base64 SHA1 value representing the hash of _cookie-name_=_cookie-value_ against the first [Keygrip](https://www.npmjs.com/package/keygrip) key. This signature key is used to detect tampering the next time a cookie is received.
Expand Down
2 changes: 2 additions & 0 deletions index.js
Original file line number Diff line number Diff line change
Expand Up @@ -189,6 +189,7 @@ Cookie.prototype.path = "/";
Cookie.prototype.expires = undefined;
Cookie.prototype.domain = undefined;
Cookie.prototype.httpOnly = true;
Cookie.prototype.partitioned = false
Cookie.prototype.priority = undefined
Cookie.prototype.sameSite = false;
Cookie.prototype.secure = false;
Expand All @@ -210,6 +211,7 @@ Cookie.prototype.toHeader = function() {
if (this.sameSite ) header += "; samesite=" + (this.sameSite === true ? 'strict' : this.sameSite.toLowerCase())
if (this.secure ) header += "; secure"
if (this.httpOnly ) header += "; httponly"
if (this.partitioned) header += '; partitioned'

return header
};
Expand Down
26 changes: 26 additions & 0 deletions test/cookie.js
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,32 @@ describe('new Cookie(name, value, [options])', function () {
})
})

describe('partitioned', function () {
it('should set the .partitioned property', function () {
var cookie = new cookies.Cookie('foo', 'bar', { partitioned: true })
assert.strictEqual(cookie.partitioned, true)
})

it('should default to false', function () {
var cookie = new cookies.Cookie('foo', 'bar')
assert.strictEqual(cookie.partitioned, false)
})

describe('when set to false', function () {
it('should not set partitioned attribute in header', function () {
var cookie = new cookies.Cookie('foo', 'bar', { partitioned: false })
assert.strictEqual(cookie.toHeader(), 'foo=bar; path=/; httponly')
})
})

describe('when set to true', function () {
it('should set partitioned attribute in header', function () {
var cookie = new cookies.Cookie('foo', 'bar', { partitioned: true })
assert.strictEqual(cookie.toHeader(), 'foo=bar; path=/; httponly; partitioned')
})
})
})

describe('priority', function () {
it('should set the .priority property', function () {
var cookie = new cookies.Cookie('foo', 'bar', { priority: 'low' })
Expand Down
26 changes: 26 additions & 0 deletions test/test.js
Original file line number Diff line number Diff line change
Expand Up @@ -339,6 +339,32 @@ describe('new Cookies(req, res, [options])', function () {
})
})

describe('"partitioned" option', function () {
it('should not be set by default', function (done) {
request(createServer(setCookieHandler('foo', 'bar')))
.get('/')
.expect(200)
.expect(shouldSetCookieWithoutAttribute('foo', 'partitioned'))
.end(done)
})

it('should set to true', function (done) {
request(createServer(setCookieHandler('foo', 'bar', { partitioned: true })))
.get('/')
.expect(200)
.expect(shouldSetCookieWithAttribute('foo', 'partitioned'))
.end(done)
})

it('should set to false', function (done) {
request(createServer(setCookieHandler('foo', 'bar', { partitioned: false })))
.get('/')
.expect(200)
.expect(shouldSetCookieWithoutAttribute('foo', 'partitioned'))
.end(done)
})
})

describe('"path" option', function () {
it('should default to "/"', function (done) {
request(createServer(setCookieHandler('foo', 'bar')))
Expand Down

0 comments on commit 5c9dec9

Please sign in to comment.