From 6e5b36beee4ce605b03e31a95575e8d6031fdb3d Mon Sep 17 00:00:00 2001
From: Rowan Merewood
Date: Fri, 26 Apr 2019 14:06:30 +0100
Subject: [PATCH] Add SameSite=None support closes #89
---
 HISTORY.md | 5 +++++
 README.md | 11 ++++++-----
 index.js | 3 +++
 test/serialize.js | 8 ++++++++
 4 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/HISTORY.md b/HISTORY.md
index 5bd6485..0f6f794 100644
--- a/HISTORY.md
+++ b/HISTORY.md
@@ -1,3 +1,8 @@
+unreleased
+==========
+
+ * Add `SameSite=None` support
+
 0.3.1 / 2016-05-26
 ==================
diff --git a/README.md b/README.md
index 85104bf..857fb77 100644
--- a/README.md
+++ b/README.md
@@ -110,15 +110,16 @@ is considered the ["default path"][rfc-6265-5.1.4].
 ##### sameSite
-Specifies the `boolean` or `string` to be the value for the [`SameSite` `Set-Cookie` attribute][draft-ietf-httpbis-cookie-same-site-00].
+Specifies the `boolean` or `string` to be the value for the [`SameSite` `Set-Cookie` attribute][rfc-6265bis-03-4.1.2.7].
 - `true` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
 - `false` will not set the `SameSite` attribute.
 - `'lax'` will set the `SameSite` attribute to `Lax` for lax same site enforcement.
+ - `'none'` will set the `SameSite` attribute to `None` for an explicit cross-site cookie.
 - `'strict'` will set the `SameSite` attribute to `Strict` for strict same site enforcement.
-More information about the different enforcement levels can be found in the specification
-https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1.1
+More information about the different enforcement levels can be found in
+[the specification][rfc-6265bis-03-4.1.2.7].
 **note** This is an attribute that has not yet been fully standardized, and may change in the future. This also means many clients may ignore this attribute until they understand it.
@@ -224,9 +225,9 @@ $ npm run bench
 ## References
 - [RFC 6265: HTTP State Management Mechanism][rfc-6265]
-- [Same-site Cookies][draft-ietf-httpbis-cookie-same-site-00]
+- [Same-site Cookies][rfc-6265bis-03-4.1.2.7]
-[draft-ietf-httpbis-cookie-same-site-00]: https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00
+[rfc-6265bis-03-4.1.2.7]: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7
 [rfc-6265]: https://tools.ietf.org/html/rfc6265
 [rfc-6265-5.1.4]: https://tools.ietf.org/html/rfc6265#section-5.1.4
 [rfc-6265-5.2.1]: https://tools.ietf.org/html/rfc6265#section-5.2.1
diff --git a/index.js b/index.js
index ab2e467..16f56c0 100644
--- a/index.js
+++ b/index.js
@@ -170,6 +170,9 @@ function serialize(name, val, options) {
 case 'strict':
 str += '; SameSite=Strict';
 break;
+ case 'none':
+ str += '; SameSite=None';
+ break;
 default:
 throw new TypeError('option sameSite is invalid');
 }
diff --git a/test/serialize.js b/test/serialize.js
index 45f0388..ad28bdf 100644
--- a/test/serialize.js
+++ b/test/serialize.js
@@ -117,6 +117,14 @@ test('sameSite', function() {
 sameSite: 'lax'
 }));
+ assert.equal('foo=bar; SameSite=None', cookie.serialize('foo', 'bar', {
+ sameSite: 'None'
+ }));
+
+ assert.equal('foo=bar; SameSite=None', cookie.serialize('foo', 'bar', {
+ sameSite: 'none'
+ }));
+
 assert.equal('foo=bar', cookie.serialize('foo', 'bar', {
 sameSite: false
 }));
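Review bot: The new `case 'none':` branch in `serialize` emits `SameSite=None` with no comment that this value removes same-site protection, so the cookie is sent on cross-site requests and the application must rely on its own CSRF defences. Browsers that follow the later cookie drafts also discard `SameSite=None` cookies that lack `Secure`, and nothing in this branch checks or mentions that; whether `options.secure` is looked at elsewhere cannot be seen because `serialize` starts and ends outside the hunk. I would add a comment above the case, for example `// SameSite=None: cookie is sent cross-site; callers should also set options.secure or browsers may drop it`. The `'none'` bullet added to README.md in this commit would benefit from the same sentence.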
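Review bot: The two added assertions in `test('sameSite', ...)` only cover `sameSite: 'None'` and `sameSite: 'none'` on their own, so the combination a deployment needs for a working cross-site cookie, `SameSite=None` together with `Secure`, is never exercised. I would add one assertion that serializes with `{ sameSite: 'none', secure: true }` and checks that both attributes are present, e.g. `assert.ok(/; Secure/.test(out) && /; SameSite=None/.test(out))` with `out` holding the serialized string. The `'None'` case passes only if the value is lower-cased before the switch, which presumably happens in `serialize` outside the visible hunk; a short comment on that assertion saying it pins case-insensitive matching would make the intent clear. The test body starts and ends outside the hunk.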