From 195ad4c6264c3563044480685931999ffa9d3d5c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9C=A8=E6=9D=89?=
Date: Fri, 10 Apr 2020 22:12:42 +0800
Subject: [PATCH] fix(std/http): verify cookie name & update SameSite type (#4685)
---
 std/http/cookie.ts | 10 ++++++++--
 std/http/cookie_test.ts | 4 ++++
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/std/http/cookie.ts b/std/http/cookie.ts
index 41d4175181..22ecf3bc79 100644
--- a/std/http/cookie.ts
+++ b/std/http/cookie.ts
@@ -22,9 +22,12 @@ export interface Cookie {
 unparsed?: string[];
 }
-export type SameSite = "Strict" | "Lax";
+export type SameSite = "Strict" | "Lax" | "None";
 function toString(cookie: Cookie): string {
+ if (!cookie.name) {
+ return "";
+ }
 const out: string[] = [];
 out.push(`${cookie.name}=${cookie.value}`);
@@ -115,7 +118,10 @@ export function setCookie(res: Response, cookie: Cookie): void {
 // TODO (zekth) : Add proper parsing of Set-Cookie headers
 // Parsing cookie headers to make consistent set-cookie header
 // ref: https://tools.ietf.org/html/rfc6265#section-4.1.1
- res.headers.append("Set-Cookie", toString(cookie));
+ const v = toString(cookie);
+ if (v) {
+ res.headers.append("Set-Cookie", v);
+ }
 }
 /**
diff --git a/std/http/cookie_test.ts b/std/http/cookie_test.ts
index 52bd8c3757..2c85430535 100644
--- a/std/http/cookie_test.ts
+++ b/std/http/cookie_test.ts
@@ -214,5 +214,9 @@ test({
 res.headers.get("Set-Cookie"),
 "cookie-1=value-1; Secure, cookie-2=value-2; Max-Age=3600"
 );
+
+ res.headers = new Headers();
+ setCookie(res, { name: "", value: "" });
+ assertEquals(res.headers.get("Set-Cookie"), null);
 },
 });
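Review bot: In std/http/cookie.ts, the new guard at the top of `toString` rejects only an empty `cookie.name`, so a name containing `;`, `=`, whitespace or control characters is still interpolated into `${cookie.name}=${cookie.value}` two lines below and can add unintended attributes to the Set-Cookie value when the name is derived from request data. RFC 6265 section 4.1.1 defines cookie-name as a token, so the guard could start from `if (!cookie.name || /[\x00-\x20\x7f()<>@,;:\\"\/\[\]?={}]/.test(cookie.name))`. `cookie.value` gets no check in the visible lines either. Separately, with `"None"` now accepted for `SameSite`, current browsers discard such a cookie unless `Secure` is also set; the rest of `toString` lies outside this hunk, so whether that pairing is enforced cannot be seen here.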
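Review bot: In the second hunk of std/http/cookie.ts, `setCookie` now returns without appending a header whenever `toString` yields an empty string, and the caller gets no signal that the cookie was dropped. For a session or CSRF cookie that is a silent failure that only shows up later as a missing cookie on the client. Either throw from the guard, e.g. `throw new TypeError("Cookie name must not be empty");`, or state the skip in the function's doc comment with a line such as `An empty cookie name produces no Set-Cookie header.` The local `v` would also read better as `header`. The signature and doc comment of `setCookie` are outside this hunk.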
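Review bot: In std/http/cookie_test.ts, the added assertions cover only `{ name: "", value: "" }`; nothing exercises the `"None"` member this commit adds to `SameSite`, and no case uses a non-empty name with characters a cookie-name may not contain. A case such as `setCookie(res, { name: "a", value: "b", secure: true, sameSite: "None" });` followed by an assertion that the header contains `SameSite=None` would pin the new type. The exact expected string depends on the attribute order in `toString`, which is not visible in this hunk. The enclosing `test({ ... })` block starts above the hunk.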