/**
* Jooby https://jooby.io
* Apache License Version 2.0 https://jooby.io/LICENSE.txt
* Copyright 2014 Edgar Espina
*/
package io.jooby;
import static java.util.Arrays.stream;
import static java.util.stream.Collectors.joining;
/**
* The SameSite attribute of the Set-Cookie HTTP response header allows you to declare
* if your cookie should be restricted to a first-party or same-site context.
*
* @see <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite">
* https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite</a>
*/
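public enum SameSite {

  /**
   * Cookies are sent with same-site requests and with cross-site top-level navigations that use
   * a safe HTTP method such as GET (for example, following a link from a third-party website).
   * Other cross-site requests, such as cross-site form POSTs or embedded subresources, do not
   * carry the cookie. This is the default value in modern browsers.
   */
  LAX("Lax"),

  /**
   * Cookies will only be sent in a first-party context and not be sent along with
   * requests initiated by third party websites.
   */
  STRICT("Strict"),

  /**
   * Cookies will be sent in all contexts, i.e. sending cross-site is allowed, so this value
   * gives no protection against cross-site request forgery on its own.
   * Requires the {@code Secure} attribute in latest browser versions; see
   * {@link #requiresSecure()}.
   */
  NONE("None");

  /** Token written after {@code SameSite=} in the {@code Set-Cookie} header. */
  private final String value;

  SameSite(String value) {
    this.value = value;
  }

  /**
   * Returns the parameter value used in {@code Set-Cookie}.
   *
   * @return the parameter value.
   */
  public String getValue() {
    return value;
  }

  /**
   * Returns whether this value requires the cookie to be flagged as {@code Secure}.
   *
   * <p>This method only reports the requirement. It does not set the flag, so the code that
   * builds the cookie has to act on the result.
   *
   * @return {@code true} if the cookie should be secure.
   */
  public boolean requiresSecure() {
    return this == NONE;
  }

  /**
   * Returns an instance of this class based on value it uses in {@code Set-Cookie}.
   *
   * <p>The comparison ignores case, because user agents match the attribute value
   * case-insensitively: {@code "lax"}, {@code "Lax"} and {@code "LAX"} all resolve to
   * {@link #LAX}. Surrounding whitespace is not trimmed. Anything that is not one of the three
   * known tokens, including {@code null}, is rejected rather than mapped to a default, so a
   * misspelled configuration value cannot silently weaken the cookie policy.
   *
   * @param value the value.
   * @return an instance of this class.
   * @see #getValue()
   * @throws IllegalArgumentException if an invalid value is specified.
   */
  public static SameSite of(String value) {
    return stream(values())
        // equalsIgnoreCase(null) is false, so a null input ends in the exception below, and the
        // comparison is per character, independent of the default locale.
        .filter(candidate -> candidate.value.equalsIgnoreCase(value))
        .findFirst()
        .orElseThrow(() -> new IllegalArgumentException(
            "Invalid SameSite value '" + value + "'. Use one of: "
                + stream(values()).map(SameSite::getValue).collect(joining(", "))));
  }
}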