Add SameSite attribute to Cookies (#2928)

* Add SameSite attribute to Cookies

* Make HttpCookie.copy package-private

* Drop HttpCookie.createFromPair

* Make HttpCookie ctor with default values public

As that's what will typically be used. Going forward we don't plan adding
new values to ctors, but instead add values on the class itself that
can be manipulated with a `withXxx` method

* More detailed deprecation warning

Co-Authored-By: Johannes Rudolph <[email protected]>

* Add 'withSameSite' taking a scaladsl SameSite object

* Update copyright headers

* Add HttpHeaderSpec instances

* Remove HttpCookieTest, test via HttpHeaderSpec

* Don't include possibly-sensitive details in ErrorInfo toString

* Prefer 'withSameSite', deprecated ctor in favour of apply

Co-authored-by: Arnout Engelen <[email protected]>
Co-authored-by: Arnout Engelen <[email protected]>
Co-authored-by: Johannes Rudolph <[email protected]>

Author: 3 people

akka-http-core/src/main/java/akka/http/javadsl/model/headers/HttpCookie.java

@@ -4,13 +4,15 @@
 
 package akka.http.javadsl.model.headers;
 
+import akka.annotation.DoNotInherit;
 import akka.http.javadsl.model.DateTime;
 import akka.http.impl.util.Util;
 import scala.compat.java8.OptionConverters;
 
 import java.util.Optional;
 import java.util.OptionalLong;
 
+@DoNotInherit
 public abstract class HttpCookie {
     public abstract String name();
     public abstract String value();
@@ -23,22 +25,29 @@ public abstract class HttpCookie {
     public abstract boolean secure();
     public abstract boolean httpOnly();
     public abstract Optional<String> getExtension();
+    public abstract Optional<SameSite> getSameSite();
 
     public static HttpCookie create(String name, String value) {
         return new akka.http.scaladsl.model.headers.HttpCookie(
                 name, value,
                 Util.<akka.http.scaladsl.model.DateTime>scalaNone(), Util.scalaNone(), Util.<String>scalaNone(), Util.<String>scalaNone(),
                 false, false,
-                Util.<String>scalaNone());
+                Util.<String>scalaNone(),
+                Util.<akka.http.scaladsl.model.headers.SameSite>scalaNone());
     }
     public static HttpCookie create(String name, String value, Optional<String> domain, Optional<String> path) {
         return new akka.http.scaladsl.model.headers.HttpCookie(
                 name, value,
                 Util.<akka.http.scaladsl.model.DateTime>scalaNone(), Util.scalaNone(),
                 OptionConverters.toScala(domain), OptionConverters.toScala(path),
                 false, false,
-                Util.<String>scalaNone());
+                Util.<String>scalaNone(),
+                Util.<akka.http.scaladsl.model.headers.SameSite>scalaNone());
     }
+
+    /**
+     * @deprecated Since 10.2.0. Use {@link #create(String, String, Optional, OptionalLong, Optional, Optional, boolean, boolean, Optional, Optional)} instead.
+     */
     @SuppressWarnings("unchecked")
     public static HttpCookie create(
         String name,
@@ -58,7 +67,31 @@ public static HttpCookie create(
                 OptionConverters.toScala(path),
                 secure,
                 httpOnly,
-                OptionConverters.toScala(extension));
+                OptionConverters.toScala(extension),
+                Util.<akka.http.scaladsl.model.headers.SameSite>scalaNone());
+    }
+    @SuppressWarnings("unchecked")
+    public static HttpCookie create(
+            String name,
+            String value,
+            Optional<DateTime> expires,
+            OptionalLong maxAge,
+            Optional<String> domain,
+            Optional<String> path,
+            boolean secure,
+            boolean httpOnly,
+            Optional<String> extension,
+            Optional<SameSite> sameSite) {
+        return new akka.http.scaladsl.model.headers.HttpCookie(
+                name, value,
+                Util.<DateTime, akka.http.scaladsl.model.DateTime>convertOptionalToScala(expires),
+                OptionConverters.toScala(maxAge),
+                OptionConverters.toScala(domain),
+                OptionConverters.toScala(path),
+                secure,
+                httpOnly,
+                OptionConverters.toScala(extension),
+                OptionConverters.toScala(sameSite.map(SameSite::asScala)));
     }
 
     /**
@@ -91,6 +124,16 @@ public static HttpCookie create(
      */
     public abstract HttpCookie withHttpOnly(boolean httpOnly);
 
+    /**
+     * Returns a copy of this HttpCookie instance with the given {@link SameSite} set.
+     */
+    public abstract HttpCookie withSameSite(SameSite sameSite);
+
+    /**
+     * Returns a copy of this HttpCookie instance with the given Optional {@link SameSite} set.
+     */
+    public abstract HttpCookie withSameSite(Optional<SameSite> sameSite);
+
     /**
      * Returns a copy of this HttpCookie instance with the given extension set.
      */

akka-http-core/src/main/java/akka/http/javadsl/model/headers/SameSite.java

@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2020 Lightbend Inc. <https://www.lightbend.com>
+ */
+
+package akka.http.javadsl.model.headers;
+
+/**
+ * The Cookie SameSite attribute as defined by <a href="https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00">RFC6265bis</a>
+ * and <a href="https://tools.ietf.org/html/draft-west-cookie-incrementalism-00">Incrementally Better Cookies</a>.
+ */
+public enum SameSite {
+    Strict,
+    Lax,
+    // SameSite.None is different from not adding the SameSite attribute in a cookie.
+    // - Cookies without a SameSite attribute will be treated as SameSite=Lax.
+    // - Cookies for cross-site usage must specify `SameSite=None; Secure` to enable inclusion in third party
+    //   context. We are not enforcing `; Secure` when `SameSite=None`, but users should.
+    None;
+
+    public akka.http.scaladsl.model.headers.SameSite asScala() {
+        if (this == Strict) return akka.http.scaladsl.model.headers.SameSite.Strict$.MODULE$;
+        if (this == Lax) return akka.http.scaladsl.model.headers.SameSite.Lax$.MODULE$;
+        return akka.http.scaladsl.model.headers.SameSite.None$.MODULE$;
+    }
+}

akka-http-core/src/main/mima-filters/10.1.11.backwards.excludes/1354-add-HttpCookie-SameSite-attribute.backwards.excludes

@@ -0,0 +1,5 @@
+# Add SameSite attribute to HttpCookie
+
+ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.headers.HttpCookie.getSameSite")
+ProblemFilters.exclude[ReversedMissingMethodProblem]("akka.http.javadsl.model.headers.HttpCookie.withSameSite")
+

akka-http-core/src/main/scala/akka/http/impl/model/parser/CommonRules.scala

@@ -266,19 +266,19 @@ private[parser] trait CommonRules { this: Parser with StringBuilding =>
   }
 
   def `cookie-av` = rule {
-    `expires-av` | `max-age-av` | `domain-av` | `path-av` | `secure-av` | `httponly-av` | `extension-av`
+    `expires-av` | `max-age-av` | `domain-av` | `path-av` | `same-site-av` | `secure-av` | `httponly-av` | `extension-av`
   }
 
   def `expires-av` = rule {
-    ignoreCase("expires=") ~ OWS ~ `expires-date` ~> { (c: HttpCookie, dt: DateTime) => c.copy(expires = Some(dt)) }
+    ignoreCase("expires=") ~ OWS ~ `expires-date` ~> { (c: HttpCookie, dt: DateTime) => c.withExpires(dt) }
   }
 
   def `max-age-av` = rule {
-    ignoreCase("max-age=") ~ OWS ~ longNumberCappedAtIntMaxValue ~> { (c: HttpCookie, seconds: Long) => c.copy(maxAge = Some(seconds)) }
+    ignoreCase("max-age=") ~ OWS ~ longNumberCappedAtIntMaxValue ~> { (c: HttpCookie, seconds: Long) => c.withMaxAge(seconds) }
   }
 
   def `domain-av` = rule {
-    ignoreCase("domain=") ~ OWS ~ `domain-value` ~> { (c: HttpCookie, domainName: String) => c.copy(domain = Some(domainName)) }
+    ignoreCase("domain=") ~ OWS ~ `domain-value` ~> { (c: HttpCookie, domainName: String) => c.withDomain(domainName) }
   }
 
   // https://tools.ietf.org/html/rfc1034#section-3.5 relaxed by https://tools.ietf.org/html/rfc1123#section-2
@@ -288,20 +288,28 @@ private[parser] trait CommonRules { this: Parser with StringBuilding =>
   }
 
   def `path-av` = rule {
-    ignoreCase("path=") ~ OWS ~ `path-value` ~> { (c: HttpCookie, pathValue: String) => c.copy(path = Some(pathValue)) }
+    ignoreCase("path=") ~ OWS ~ `path-value` ~> { (c: HttpCookie, pathValue: String) => c.withPath(pathValue) }
   }
 
   // http://www.rfc-editor.org/errata_search.php?rfc=6265
   def `path-value` = rule {
     capture(zeroOrMore(`av-octet`)) ~ OWS
   }
 
+  def `same-site-av` = rule {
+    ignoreCase("samesite=") ~ OWS ~ `same-site-value` ~> { (c: HttpCookie, sameSiteValue: String) => c.withSameSite(sameSite = SameSite(sameSiteValue)) }
+  }
+
+  def `same-site-value` = rule {
+    capture(ignoreCase("lax") | ignoreCase("strict") | ignoreCase("none")) ~ OWS
+  }
+
   def `secure-av` = rule {
-    ignoreCase("secure") ~ OWS ~> { (cookie: HttpCookie) => cookie.copy(secure = true) }
+    ignoreCase("secure") ~ OWS ~> { (cookie: HttpCookie) => cookie.withSecure(true) }
   }
 
   def `httponly-av` = rule {
-    ignoreCase("httponly") ~ OWS ~> { (cookie: HttpCookie) => cookie.copy(httpOnly = true) }
+    ignoreCase("httponly") ~ OWS ~> { (cookie: HttpCookie) => cookie.withHttpOnly(true) }
   }
 
   // http://www.rfc-editor.org/errata_search.php?rfc=6265
@@ -310,9 +318,10 @@ private[parser] trait CommonRules { this: Parser with StringBuilding =>
       | ignoreCase("max-age=")
       | ignoreCase("domain=")
       | ignoreCase("path=")
+      | ignoreCase("samesite=")
       | ignoreCase("secure")
       | ignoreCase("httponly")) ~
-      capture(zeroOrMore(`av-octet`)) ~ OWS ~> { (c: HttpCookie, s: String) => c.copy(extension = Some(s)) }
+      capture(zeroOrMore(`av-octet`)) ~ OWS ~> { (c: HttpCookie, s: String) => c.withExtension(s) }
   }
 
   // ******************************************************************************************

akka-http-core/src/main/scala/akka/http/scaladsl/model/ErrorInfo.scala

@@ -47,6 +47,8 @@ final class ErrorInfo(
 
   /** INTERNAL API */
   @InternalApi private[akka] def this(summary: String, detail: String) = this(summary, detail, "")
+
+  override def toString(): String = s"ErrorInfo($summary, (details omitted), $errorHeaderName)"
 }
 
 object ErrorInfo {