Added support for SameSite cookie flag

[anio]

Read more at:
https://golang.org/pkg/net/http/#Cookie

[codecov]

Codecov Report

Merging #1615 into master will increase coverage by 0.01%.
The diff coverage is 99.1%.

@@            Coverage Diff             @@
##           master    #1615      +/-   ##
==========================================
+ Coverage    98.5%   98.51%   +0.01%     
==========================================
  Files          40       41       +1     
  Lines        2267     2287      +20     
==========================================
+ Hits         2233     2253      +20     
  Misses         18       18              
  Partials       16       16

Impacted Files	Coverage Δ
render/msgpack.go	100% <ø> (ø)	⬆️
binding/default_validator.go	100% <ø> (ø)	⬆️
binding/msgpack.go	100% <ø> (ø)	⬆️
binding/form.go	100% <ø> (ø)	⬆️
render/render.go	100% <ø> (ø)	⬆️
binding/binding_nomsgpack.go	100% <100%> (ø)
path.go	100% <100%> (ø)	⬆️
auth.go	100% <100%> (ø)	⬆️
context.go	98.66% <100%> (ø)	⬆️
render/json.go	87.5% <100%> (ø)	⬆️
... and 18 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5302dd3...1798a1f. Read the comment docs.

[appleboy]

Samesite flag only support on Golang v1.11

[JFKingsley]

Is there any chance that we could see this merged? There's several instances in codebases that I maintain where the ability to use this now that Go 1.11 is out would be massively useful.

[appleboy]

@anio sameSite mode only support on go 1.11 version.

https://golang.org/pkg/net/http/#Cookie

type Cookie struct {
    Name  string
    Value string

    Path       string    // optional
    Domain     string    // optional
    Expires    time.Time // optional
    RawExpires string    // for reading cookies only

    // MaxAge=0 means no 'Max-Age' attribute specified.
    // MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'
    // MaxAge>0 means Max-Age attribute present and given in seconds
    MaxAge   int
    Secure   bool
    HttpOnly bool
    SameSite SameSite // Go 1.11
    Raw      string
    Unparsed []string // Raw text of unparsed attribute-value pairs
}

[haywirez]

Could this issue get some more attention? Chrome 80 with same-site cookies by default is shipping in less than a month: https://chromiumdash.appspot.com/schedule

[haywirez]

An earlier comment in this thread that is a request for changes blocking the merge:

Samesite flag only support on Golang v1.11

The README already states that this project requires Go 1.11+. So I don't really see why this shouldn't be merged 🤔 ?

To install Gin package, you need to install Go and set your Go workspace first.

1. The first need Go installed (version 1.11+ is required), then you can use the below Go command to install Gin.

[thinkerou]

@appleboy I have fixed, please review, thanks!

[kailin4u]

do we have any strong reason to break back compatibility?
And according to https://semver.org/ version string design,which is a philosophy accepted by go modules,if there is any incompatibility ,the major version should change.