From 97de9c33d54114bc55131855273b0850b4503a6c Mon Sep 17 00:00:00 2001
From: Federico Ceratto
Date: Thu, 11 Nov 2021 07:41:21 +0000
Subject: [PATCH] Add security tip for setCookie (#19117)
* Add security tip for setCookie
* Update lib/pure/cookies.nim
Co-authored-by: Dominik Picheta
* Update lib/pure/cookies.nim
Co-authored-by: konsumlamm <44230978+konsumlamm@users.noreply.github.com>
Co-authored-by: Andreas Rumpf
Co-authored-by: Dominik Picheta
Co-authored-by: konsumlamm <44230978+konsumlamm@users.noreply.github.com>
---
 lib/pure/cookies.nim | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/lib/pure/cookies.nim b/lib/pure/cookies.nim
index 25d701eb4471d..132f64637e8a4 100644
--- a/lib/pure/cookies.nim
+++ b/lib/pure/cookies.nim
@@ -50,6 +50,9 @@ proc setCookie*(key, value: string, domain = "", path = "",
 maxAge = none(int), sameSite = SameSite.Default): string =
 ## Creates a command in the format of
 ## `Set-Cookie: key=value; Domain=...; ...`
+ ##
+
+ ## .. tip: Cookies can be vulnerable. Consider setting `secure=true`, `httpOnly=true` and `sameSite=Strict`.
 result = ""
 if not noName: result.add("Set-Cookie: ")
 result.add key & "=" & value
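Review bot: The added doc line uses `.. tip:` with a single colon, but a reStructuredText directive needs two, and a line that starts with `..` without being a valid directive is normally treated as a comment. The security advice would then likely be missing from the generated documentation, which is the one place it is meant to reach users, so change it to `.. tip::`. The tip also names the value as `sameSite=Strict`, while the signature in this hunk spells the enum `SameSite.Default`. Writing `sameSite=SameSite.Strict` gives readers something they can paste as is. The first lines of setCookie's signature and the rest of its body are outside the hunk, so the parameter defaults the tip refers to are not visible here.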