fix: change cookie default from NO_RESTRICTION to LAX_MODE (#31839)

* fix: change default from NO_RESTRICTION to LAX_MODE * chore: update cookie docs, redirect tests Co-authored-by: VerteDinde <khammond@slack-corp.com>
2026-04-10 03:01:51 -04:00 · 2021-11-15 10:33:44 -08:00
parent e8ba44c632
commit 55a293cfaf
3 changed files with 6 additions and 2 deletions
--- a/docs/api/cookies.md
+++ b/docs/api/cookies.md
@@ -99,7 +99,7 @@ the response.
  * `expirationDate` Double (optional) - The expiration date of the cookie as the number of
    seconds since the UNIX epoch. If omitted then the cookie becomes a session
    cookie and will not be retained between sessions.
-  * `sameSite` String (optional) - The [Same Site](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#SameSite_cookies) policy to apply to this cookie.  Can be `unspecified`, `no_restriction`, `lax` or `strict`.  Default is `no_restriction`.
+  * `sameSite` String (optional) - The [Same Site](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#SameSite_cookies) policy to apply to this cookie.  Can be `unspecified`, `no_restriction`, `lax` or `strict`.  Default is `lax`.

 Returns `Promise<void>` - A promise which resolves when the cookie has been set

--- a/shell/browser/api/electron_api_cookies.cc
+++ b/shell/browser/api/electron_api_cookies.cc
@@ -192,7 +192,7 @@ std::string InclusionStatusToString(net::CookieInclusionStatus status) {
 std::string StringToCookieSameSite(const std::string* str_ptr,
                                   net::CookieSameSite* same_site) {
  if (!str_ptr) {
-    *same_site = net::CookieSameSite::NO_RESTRICTION;
+    *same_site = net::CookieSameSite::LAX_MODE;
    return "";
  }
  const std::string& str = *str_ptr;
--- a/spec-main/api-net-spec.ts
+++ b/spec-main/api-net-spec.ts
@@ -759,14 +759,18 @@ describe('net module', () => {
          const cookieLocalVal = `${Date.now()}-local`;
          const localhostUrl = serverUrl.replace('127.0.0.1', 'localhost');
          expect(localhostUrl).to.not.equal(serverUrl);
+          // cookies with lax or strict same-site settings will not
+          // persist after redirects. no_restriction must be used
          await Promise.all([
            sess.cookies.set({
              url: serverUrl,
              name: 'wild_cookie',
+              sameSite: 'no_restriction',
              value: cookie127Val
            }), sess.cookies.set({
              url: localhostUrl,
              name: 'wild_cookie',
+              sameSite: 'no_restriction',
              value: cookieLocalVal
            })
          ]);