Feedback

Author: JunTaoLuo

src/Microsoft.AspNetCore.Http.Features/SameSiteEnforcementMode.cs

@@ -3,6 +3,8 @@
 
 namespace Microsoft.AspNetCore.Http
 {
+    // RFC Draft: https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00
+    // This mirrors Microsoft.Net.Http.Headers.SameSiteEnforcementMode
     public enum SameSiteEnforcementMode
     {
         None = 0,

src/Microsoft.Net.Http.Headers/SameSiteEnforcementMode.cs

@@ -3,6 +3,7 @@
 
 namespace Microsoft.Net.Http.Headers
 {
+    // RFC Draft: https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00
     public enum SameSiteEnforcementMode
     {
         None = 0,

src/Microsoft.Net.Http.Headers/SetCookieHeaderValue.cs

@@ -17,9 +17,10 @@ public class SetCookieHeaderValue
         private const string DomainToken = "domain";
         private const string PathToken = "path";
         private const string SecureToken = "secure";
+        // RFC Draft: https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00
         private const string SameSiteToken = "samesite";
-        private static readonly string SameSiteLaxToken = SameSiteEnforcementMode.Lax.ToString();
-        private static readonly string SameSiteStrictToken = SameSiteEnforcementMode.Strict.ToString();
+        private static readonly string SameSiteLaxToken = SameSiteEnforcementMode.Lax.ToString().ToLower();
+        private static readonly string SameSiteStrictToken = SameSiteEnforcementMode.Strict.ToString().ToLower();
         private const string HttpOnlyToken = "httponly";
         private const string SeparatorToken = "; ";
         private const string EqualsToken = "=";
@@ -440,7 +441,7 @@ private static int GetSetCookieLength(string input, int startIndex, out SetCooki
                         {
                             result.SameSite = SameSiteEnforcementMode.Lax;
                         }
-                        else if (string.Equals(enforcementMode, SameSiteStrictToken, StringComparison.OrdinalIgnoreCase))
+                        else
                         {
                             result.SameSite = SameSiteEnforcementMode.Strict;
                         }

test/Microsoft.Net.Http.Headers.Tests/SetCookieHeaderValueTest.cs

@@ -26,7 +26,7 @@ public static TheoryData<SetCookieHeaderValue, string> SetCookieHeaderDataSet
                     Path = "path1",
                     Secure = true
                 };
-                dataset.Add(header1, "name1=n1=v1&n2=v2&n3=v3; expires=Sun, 06 Nov 1994 08:49:37 GMT; max-age=86400; domain=domain1; path=path1; secure; samesite=Strict; httponly");
+                dataset.Add(header1, "name1=n1=v1&n2=v2&n3=v3; expires=Sun, 06 Nov 1994 08:49:37 GMT; max-age=86400; domain=domain1; path=path1; secure; samesite=strict; httponly");
 
                 var header2 = new SetCookieHeaderValue("name2", "");
                 dataset.Add(header2, "name2=");
@@ -51,7 +51,7 @@ public static TheoryData<SetCookieHeaderValue, string> SetCookieHeaderDataSet
                 {
                     SameSite = SameSiteEnforcementMode.Lax,
                 };
-                dataset.Add(header6, "name6=value6; samesite=Lax");
+                dataset.Add(header6, "name6=value6; samesite=lax");
 
                 var header7 = new SetCookieHeaderValue("name7", "value7")
                 {
@@ -126,7 +126,7 @@ public static TheoryData<IList<SetCookieHeaderValue>, string[]> ListOfSetCookieH
                     Path = "path1",
                     Secure = true
                 };
-                var string1 = "name1=n1=v1&n2=v2&n3=v3; expires=Sun, 06 Nov 1994 08:49:37 GMT; max-age=86400; domain=domain1; path=path1; secure; samesite=Strict; httponly";
+                var string1 = "name1=n1=v1&n2=v2&n3=v3; expires=Sun, 06 Nov 1994 08:49:37 GMT; max-age=86400; domain=domain1; path=path1; secure; samesite=strict; httponly";
 
                 var header2 = new SetCookieHeaderValue("name2", "value2");
                 var string2 = "name2=value2";
@@ -148,13 +148,16 @@ public static TheoryData<IList<SetCookieHeaderValue>, string[]> ListOfSetCookieH
                 {
                     SameSite = SameSiteEnforcementMode.Lax
                 };
-                var string5 = "name5=value5; samesite=Lax";
+                var string5a = "name5=value5; samesite=lax";
+                var string5b = "name5=value5; samesite=Lax";
 
                 var header6 = new SetCookieHeaderValue("name6", "value6")
                 {
                     SameSite = SameSiteEnforcementMode.Strict
                 };
-                var string6 = "name6=value6; samesite";
+                var string6a = "name6=value6; samesite";
+                var string6b = "name6=value6; samesite=Strict";
+                var string6c = "name6=value6; samesite=invalid";
 
                 dataset.Add(new[] { header1 }.ToList(), new[] { string1 });
                 dataset.Add(new[] { header1, header1 }.ToList(), new[] { string1, string1 });
@@ -165,8 +168,11 @@ public static TheoryData<IList<SetCookieHeaderValue>, string[]> ListOfSetCookieH
                 dataset.Add(new[] { header2, header1 }.ToList(), new[] { string2 + ", " + string1 });
                 dataset.Add(new[] { header1, header2, header3, header4 }.ToList(), new[] { string1, string2, string3, string4 });
                 dataset.Add(new[] { header1, header2, header3, header4 }.ToList(), new[] { string.Join(",", string1, string2, string3, string4) });
-                dataset.Add(new[] { header5 }.ToList(), new[] { string5 });
-                dataset.Add(new[] { header6 }.ToList(), new[] { string6 });
+                dataset.Add(new[] { header5 }.ToList(), new[] { string5a });
+                dataset.Add(new[] { header5 }.ToList(), new[] { string5b });
+                dataset.Add(new[] { header6 }.ToList(), new[] { string6a });
+                dataset.Add(new[] { header6 }.ToList(), new[] { string6b });
+                dataset.Add(new[] { header6 }.ToList(), new[] { string6c });
 
                 return dataset;
             }