Add compatibility cookie for SameSite, with option to turn it off (#1232

) * Add compatibility cookie for SameSite, with option to turn it off * Add API docs for legacySameSiteCookie
auth0 · Jan 21, 2022 · 5eb72cf · 5eb72cf
1 parent c28fedd
commit 5eb72cf
Show file tree

Hide file tree

Showing 5 changed files with 278 additions and 191 deletions.
diff --git a/src/helper/storage/cookie.js b/src/helper/storage/cookie.js
@@ -1,14 +1,24 @@
 import Cookie from 'js-cookie';
 import objectHelper from '../object';
 import windowHandler from '../window';
-function CookieStorage() {}
+
+function buildCompatCookieKey(key) {
+  return '_' + key + '_compat';
+}
+
+function CookieStorage(options) {
+  this._options = options || {};
+}
 
 CookieStorage.prototype.getItem = function (key) {
-  return Cookie.get(key);
+  var cookie = Cookie.get(key);
+
+  return cookie || Cookie.get(buildCompatCookieKey(key));
 };
 
 CookieStorage.prototype.removeItem = function (key) {
   Cookie.remove(key);
+  Cookie.remove(buildCompatCookieKey(key));
 };
 
 CookieStorage.prototype.setItem = function (key, value, options) {
@@ -22,6 +32,12 @@ CookieStorage.prototype.setItem = function (key, value, options) {
   if (windowHandler.getWindow().location.protocol === 'https:') {
     params.secure = true;
     params.sameSite = 'none';
+
+    if (this._options.legacySameSiteCookie) {
+      // Save a compatibility cookie without sameSite='none' for browsers that don't support it.
+      var legacyOptions = objectHelper.blacklist(params, ['sameSite']);
+      Cookie.set(buildCompatCookieKey(key), value, legacyOptions);
+    }
   }
 
   Cookie.set(key, value, params);

diff --git a/src/helper/storage/handler.js b/src/helper/storage/handler.js
@@ -5,10 +5,12 @@ import Warn from '../warn';
 
 function StorageHandler(options) {
   this.warn = new Warn({});
-  this.storage = new CookieStorage();
+  this.storage = new CookieStorage(options);
+
   if (options.__tryLocalStorageFirst !== true) {
     return;
   }
+
   try {
     // some browsers throw an error when trying to access localStorage
     // when localStorage is disabled.
@@ -22,7 +24,7 @@ function StorageHandler(options) {
   }
 }
 
-StorageHandler.prototype.failover = function() {
+StorageHandler.prototype.failover = function () {
   if (this.storage instanceof DummyStorage) {
     this.warn.warning('DummyStorage: ignore failover');
     return;
@@ -35,7 +37,7 @@ StorageHandler.prototype.failover = function() {
   }
 };
 
-StorageHandler.prototype.getItem = function(key) {
+StorageHandler.prototype.getItem = function (key) {
   try {
     return this.storage.getItem(key);
   } catch (e) {
@@ -45,7 +47,7 @@ StorageHandler.prototype.getItem = function(key) {
   }
 };
 
-StorageHandler.prototype.removeItem = function(key) {
+StorageHandler.prototype.removeItem = function (key) {
   try {
     return this.storage.removeItem(key);
   } catch (e) {
@@ -55,7 +57,7 @@ StorageHandler.prototype.removeItem = function(key) {
   }
 };
 
-StorageHandler.prototype.setItem = function(key, value, options) {
+StorageHandler.prototype.setItem = function (key, value, options) {
   try {
     return this.storage.setItem(key, value, options);
   } catch (e) {