From 4ac9761e9347184bf887671a2d63ed6504681334 Mon Sep 17 00:00:00 2001
From: Robert Newson
Date: Fri, 21 Sep 2018 16:29:16 +0100
Subject: [PATCH] Add support for SameSite cookie setting

Ref: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02
---
 src/mochiweb_cookies.erl | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/mochiweb_cookies.erl b/src/mochiweb_cookies.erl
index 95390418..013dbe07 100644
--- a/src/mochiweb_cookies.erl
+++ b/src/mochiweb_cookies.erl
@@ -52,6 +52,7 @@ cookie(Key, Value) ->
 %% where Option = {max_age, int_seconds()} | {local_time, {date(), time()}}
 %% | {domain, string()} | {path, string()}
 %% | {secure, true | false} | {http_only, true | false}
+%% | {same_site, lax | strict}
 %%
 %% @doc Generate a Set-Cookie header field tuple.
 cookie(Key, Value, Options) ->
@@ -109,7 +110,17 @@ cookie(Key, Value, Options) ->
 _ ->
 ""
 end,
- CookieParts = [Cookie, ExpiresPart, SecurePart, DomainPart, PathPart, HttpOnlyPart],
+ SameSitePart =
+ case proplists:get_value(same_site, Options) of
+ undefined ->
+ "";
+ lax ->
+ "; SameSite=Lax";
+ strict ->
+ "; SameSite=Strict"
+ end,
+ CookieParts = [Cookie, ExpiresPart, SecurePart, DomainPart, PathPart,
+ HttpOnlyPart, SameSitePart],
 {"Set-Cookie", lists:flatten(CookieParts)}.
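Review bot: The new `case` in the second hunk has no clause for anything other than `undefined`, `lax` or `strict`, so a misspelt or unsupported value such as `{same_site, none}` fails with a bare `case_clause`, whereas the option block visible just above it in the context falls through `_ -> ""`. Crashing is the safer behaviour for this attribute, since silently emitting the cookie without SameSite would drop a cross-site request protection the caller asked for, but it should be explicit: add a final clause `Other -> erlang:error({badarg, {same_site, Other}})`, or at least the comment `%% no catch-all: an unknown same_site value must not yield a cookie without the attribute`. The `%% | {same_site, lax | strict}` line added in the first hunk should likewise state that any other value raises. Later revisions of the referenced draft add a `None` value, which browsers accept only together with `Secure`, so that pairing is worth checking when the option is extended. `cookie/3` begins above this hunk, so the earlier option handling is only partly visible here.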