rails_same_site_cookie 0.1.7 → 0.1.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e90b3982c9eebd7f23479d652b06c2ebc9c545d9
-  data.tar.gz: abee0ea3d56fae2117011aa9ec5903238b07c540
+  metadata.gz: 618cf5109f133dcb39a5d87e17f20efe177cad03
+  data.tar.gz: 5a4f0cc5a8db31861d286304071168b09ed4a307
 SHA512:
-  metadata.gz: 2e669586ce4bfcb1e3fd5cbfdb45ada561007fa85e39a7f616d7e3f26326dc997ce1ac8074f48d4cf76b18e0d3fe3cdf8fb7247feebc097f016018d9f20ddc31
-  data.tar.gz: 4c72ec9ad93a644a2cf8dbd7d5f237393e7530f26056183fbb2d14522c5453f9a734321f16438ff68685f27d33e2afe640dc06fb857d6c73eb799073095ddf88
+  metadata.gz: 8aa434cfd9495919993399d8644546c9c978794331cc6a32d4f429d8498949aab74d240d0b56f683a0a1e0d1929a22346170e389556d814a865bfb5b352cce6a
+  data.tar.gz: 7bb3208e5804dd672a429e62297f55ac3da376b0200d6d5cac93eca77aa0c88e9374cf11336e3307c24ea7d1d36735d3172b03352f95a282bff244d1c9c0f98d

data/README.md

@@ -9,7 +9,7 @@ This new behavior shouldn't be a problem for most apps but if your Rails app pro
 This gem fixes the above problems by explicity setting SameSite=None for all cookies where the SameSite directive is missing and the requesting user agent is not in Chrome's [provided list of known incompatible clients](https://www.chromium.org/updates/same-site/incompatible-clients).
 
 ### Note about HTTP requests and local testing
-Note that the gem only sets the "Secure" flag (which Chrome will also require for SameSite=None cookies) on cookies sent over HTTPS. So if you're testing on your local machine and you haven't setup your localhost to use SSL you will see warnings in Chrome about the cookies lacking the Secure flag. If the gem did set this flag in these cases, you would not see the warning and instead the cookies would simply be ignored. Once Chrome 80 is released you will either have to setup SSL on your localhost or start using a different browser for development, because Chrome will begin ignoring these cookies for lacking the Secure flag.
+Note that for Chrome/Chromium based browsers the gem only sets the SameSite flag on cookies sent over HTTPS. So if you're testing on your local machine and you haven't setup your localhost to use SSL you will see warnings in versions of Chrome less than 80 about the missing SameSite flag, and in Chrome 80+ these cookies will be ignored entirely. To work around this in Chrome 80+ without setting up SSL you can disable the following Chrome flags: chrome://flags/ -> `SameSite by default cookies` and `Cookies without SameSite must be secure`.
 
 ## Installation
 

data/lib/rails_same_site_cookie/middleware.rb

@@ -22,6 +22,8 @@ module RailsSameSiteCookie
 
           cookies.each do |cookie|
             next if cookie == '' or cookie.nil?
+            next if !ssl && parser.chrome? # https://www.chromestatus.com/feature/5633521622188032
+
             if ssl and not cookie =~ /;\s*secure/i
               cookie << '; Secure'
             end

data/lib/rails_same_site_cookie/user_agent_checker.rb

@@ -21,6 +21,10 @@ module RailsSameSiteCookie
       return !missing_same_site_none_support?
     end
 
+    def chrome?
+      is_chromium_based?
+    end
+
     private
     def missing_same_site_none_support?
       has_webkit_ss_bug? or drops_unrecognized_ss_cookies?

data/lib/rails_same_site_cookie/version.rb

@@ -1,3 +1,3 @@
 module RailsSameSiteCookie
-  VERSION = "0.1.7"
+  VERSION = "0.1.8"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_same_site_cookie
 version: !ruby/object:Gem::Version
-  version: 0.1.7
+  version: 0.1.8
 platform: ruby
 authors:
 - Philip Schinis
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-03-05 00:00:00.000000000 Z
+date: 2020-03-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler