From 19cc58264a06dca47ed401fbaca32dcdb80a903b Mon Sep 17 00:00:00 2001 From: Damien Arrachequesne Date: Wed, 30 Dec 2020 09:19:14 +0100 Subject: [PATCH] feat: add support for all cookie options The "cookie" options can now be an object, which will be forwarded to the "cookie" module. The previous syntax is still valid: ``` new Server({ cookieName: "test", cookieHttpOnly: false, cookiePath: "/custom" }) ``` but the new syntax add support for all options: ``` new Server({ cookie: { name: "test", httpOnly: false, path: "/custom" sameSite: "lax" } }) ``` Reference: https://github.com/jshttp/cookie#options-1 Backported from master: https://github.com/socketio/engine.io/commit/a374471d06e3681a769766a1d068898182f9305f --- lib/server.js | 16 ++++++++++------ package-lock.json | 6 +++--- package.json | 2 +- test/server.js | 19 +++++++++++++++++++ 4 files changed, 33 insertions(+), 10 deletions(-) diff --git a/lib/server.js b/lib/server.js index e64c6293a..c691561b6 100644 --- a/lib/server.js +++ b/lib/server.js @@ -316,12 +316,16 @@ Server.prototype.handshake = function (transportName, req) { if (false !== this.cookie) { transport.on('headers', function (headers) { - headers['Set-Cookie'] = cookieMod.serialize(self.cookie, id, - { - path: self.cookiePath, - httpOnly: self.cookiePath ? self.cookieHttpOnly : false, - sameSite: true - }); + if (typeof self.cookie === 'object') { + headers['Set-Cookie'] = cookieMod.serialize(self.cookie.name, id, self.cookie); + } else { + headers['Set-Cookie'] = cookieMod.serialize(self.cookie, id, + { + path: self.cookiePath, + httpOnly: self.cookiePath ? self.cookieHttpOnly : false, + sameSite: true + }); + } }); } diff --git a/package-lock.json b/package-lock.json index c26b6a819..b8b1b6827 100644 --- a/package-lock.json +++ b/package-lock.json @@ -975,9 +975,9 @@ "dev": true }, "cookie": { - "version": "0.3.1", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.3.1.tgz", - "integrity": "sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s=" + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.1.tgz", + "integrity": "sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==" }, "cookiejar": { "version": "2.1.2", diff --git a/package.json b/package.json index 454060f9e..3fd22d64d 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,7 @@ "dependencies": { "accepts": "~1.3.4", "base64id": "2.0.0", - "cookie": "0.3.1", + "cookie": "~0.4.1", "debug": "~4.1.0", "engine.io-parser": "~2.2.0", "ws": "~7.4.2" diff --git a/test/server.js b/test/server.js index 79c61bf46..d34f2f235 100644 --- a/test/server.js +++ b/test/server.js @@ -123,6 +123,25 @@ describe('server', function () { }); }); + it('should forward all cookie options', function (done) { + listen({ cookie: { + name: 'woot', + path: '/test', + httpOnly: true, + sameSite: 'lax' + }}, function (port) { + request.get('http://localhost:%d/engine.io/default/'.s(port)) + .query({ transport: 'polling', b64: 1 }) + .end(function (err, res) { + expect(err).to.be(null); + // hack-obtain sid + var sid = res.text.match(/"sid":"([^"]+)"/)[1]; + expect(res.headers['set-cookie'][0]).to.be('woot=' + sid + '; Path=/test; HttpOnly; SameSite=Lax'); + done(); + }); + }); + }); + it('should send the io cookie custom name', function (done) { listen({ cookie: 'woot' }, function (port) { request.get('http://localhost:%d/engine.io/default/'.s(port))