Add "partitioned" to cookie options

alexop1000 · dougwilson · commit 408229ea3373 · 2024-01-28T15:24:39.000-05:00
fixes #961 closes #966
diff --git a/HISTORY.md b/HISTORY.md
@@ -1,10 +1,11 @@
 unreleased
 ==========
 
+  * Add `partitioned` to `cookie` options
   * Add `priority` to `cookie` options
   * Fix handling errors from setting cookie
   * Support any type in `secret` that `crypto.createHmac` supports
-  * deps: cookie@0.5.0
+  * deps: cookie@0.6.0
     - Fix `expires` option to reject invalid dates
     - perf: improve default decode speed
     - perf: remove slow string split in parse
diff --git a/README.md b/README.md
@@ -89,6 +89,18 @@ no maximum age is set.
 **Note** If both `expires` and `maxAge` are set in the options, then the last one
 defined in the object is what is used.
 
+##### cookie.partitioned
+
+Specifies the `boolean` value for the [`Partitioned` `Set-Cookie`](rfc-cutler-httpbis-partitioned-cookies)
+attribute. When truthy, the `Partitioned` attribute is set, otherwise it is not.
+By default, the `Partitioned` attribute is not set.
+
+**Note** This is an attribute that has not yet been fully standardized, and may
+change in the future. This also means many clients may ignore this attribute until
+they understand it.
+
+More information about can be found in [the proposal](https://github.com/privacycg/CHIPS).
+
 ##### cookie.path
 
 Specifies the value for the `Path` `Set-Cookie`. By default, this is set to `'/'`, which
@@ -1003,6 +1015,7 @@ On Windows, use the corresponding command;
 [MIT](LICENSE)
 
 [rfc-6265bis-03-4.1.2.7]: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7
+[rfc-cutler-httpbis-partitioned-cookies]: https://tools.ietf.org/html/draft-cutler-httpbis-partitioned-cookies/
 [rfc-west-cookie-priority-00-4.1]: https://tools.ietf.org/html/draft-west-cookie-priority-00#section-4.1
 [ci-image]: https://badgen.net/github/checks/expressjs/session/master?label=ci
 [ci-url]: https://github.com/expressjs/session/actions?query=workflow%3Aci
diff --git a/package.json b/package.json
@@ -10,7 +10,7 @@
   "repository": "expressjs/session",
   "license": "MIT",
   "dependencies": {
-    "cookie": "0.5.0",
+    "cookie": "0.6.0",
     "cookie-signature": "1.0.7",
     "debug": "2.6.9",
     "depd": "~2.0.0",
diff --git a/session/cookie.js b/session/cookie.js
@@ -117,6 +117,7 @@ Cookie.prototype = {
   get data() {
     return {
       originalMaxAge: this.originalMaxAge,
+      partitioned: this.partitioned,
       priority: this.priority
       , expires: this._expires
       , secure: this.secure
diff --git a/test/cookie.js b/test/cookie.js
@@ -107,6 +107,14 @@ describe('new Cookie()', function () {
       })
     })
 
+    describe('partitioned', function () {
+      it('should set partitioned', function () {
+        var cookie = new Cookie({ partitioned: true })
+
+        assert.strictEqual(cookie.partitioned, true)
+      })
+    })
+
     describe('path', function () {
       it('should set path', function () {
         var cookie = new Cookie({ path: '/foo' })
diff --git a/test/session.js b/test/session.js
@@ -2233,6 +2233,41 @@ describe('session()', function(){
           })
         })
       })
+
+      describe('.partitioned', function () {
+        describe('by default', function () {
+          it('should not set partitioned attribute', function (done) {
+            var server = createServer()
+
+            request(server)
+              .get('/')
+              .expect(shouldSetCookieWithoutAttribute('connect.sid', 'Partitioned'))
+              .expect(200, done)
+          })
+        })
+
+        describe('when "false"', function () {
+          it('should not set partitioned attribute', function (done) {
+            var server = createServer({ cookie: { partitioned: false } })
+
+            request(server)
+              .get('/')
+              .expect(shouldSetCookieWithoutAttribute('connect.sid', 'Partitioned'))
+              .expect(200, done)
+          })
+        })
+
+        describe('when "true"', function () {
+          it('should set partitioned attribute', function (done) {
+            var server = createServer({ cookie: { partitioned: true } })
+
+            request(server)
+              .get('/')
+              .expect(shouldSetCookieWithAttribute('connect.sid', 'Partitioned'))
+              .expect(200, done)
+          })
+        })
+      })
     })
   })
 
