From 4fa797feaa1e1664ebcd50280f55f8100e0214ea Mon Sep 17 00:00:00 2001
From: xjl662750 <42456559+xjl662750@users.noreply.github.com>
Date: Tue, 29 Jun 2021 09:31:50 +0800
Subject: [PATCH 1/2] Update output.go add SameSite for Cookie
---
 server/web/context/output.go | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/server/web/context/output.go b/server/web/context/output.go
index a981acfe..eeac368e 100644
--- a/server/web/context/output.go
+++ b/server/web/context/output.go
@@ -154,6 +154,13 @@ func (output *BeegoOutput) Cookie(name string, value string, others ...interface
 fmt.Fprintf(&b, "; HttpOnly")
 }
 }
+
+ // default empty
+ if len(others) > 5 {
+ if v, ok := others[5].(string); ok && len(v) > 0 {
+ fmt.Fprintf(&b, "; SameSite=%s", sanitizeValue(v))
+ }
+ }
 output.Context.ResponseWriter.Header().Add("Set-Cookie", b.String())
 }
From 86b0a3ba3fd6359bf2be373ec4a7d045a6baf926 Mon Sep 17 00:00:00 2001
From: xjl <840825966@qq.com>
Date: Thu, 22 Jul 2021 16:18:20 +0800
Subject: [PATCH 2/2] add unit test cases
---
 server/web/context/context_test.go | 41 ++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
diff --git a/server/web/context/context_test.go b/server/web/context/context_test.go
index 3915a853..53717d31 100644
--- a/server/web/context/context_test.go
+++ b/server/web/context/context_test.go
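Review bot: The new SameSite branch in `Cookie` writes whatever non-empty string arrives in `others[5]`, so a typo or a caller-derived value ends up as an attribute browsers do not recognise; what `sanitizeValue` strips is not visible in this hunk, and an allow-list of `Strict`, `Lax` and `None` would not depend on it. `SameSite=None` is also emitted independently of the Secure flag handled earlier in `Cookie` (above the hunk), and current browsers reject such a cookie unless it also carries `Secure`. The `// default empty` comment says little; it should state that the sixth variadic argument is the SameSite value and that omitting it leaves the browser's default policy in force. `Cookie` begins above this hunk, so the fence shows only the rewritten branch.

```go
// … unchanged: HttpOnly handling above …

// SameSite is the optional sixth variadic argument (others[5]). Only the
// values browsers define are written; anything else is dropped so the
// browser's default policy applies.
if len(others) > 5 {
	if v, ok := others[5].(string); ok {
		switch v {
		case "Strict", "Lax", "None":
			fmt.Fprintf(&b, "; SameSite=%s", v)
		}
	}
}
// … unchanged: Set-Cookie header is added below …
```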
@@ -70,3 +70,44 @@ func TestContext_Session2(t *testing.T) {
 t.FailNow()
 }
 }
+
+func TestSetCookie(t *testing.T) {
+ type cookie struct {
+ Name string
+ Value string
+ MaxAge int64
+ Path string
+ Domain string
+ Secure bool
+ HttpOnly bool
+ SameSite string
+ }
+ type testItem struct {
+ item cookie
+ want string
+ }
+ cases := []struct {
+ request string
+ valueGp []testItem
+ }{
+ {"/", []testItem{{cookie{"name", "value", -1, "/", "", false, false, "Strict"}, "name=value; Max-Age=0; Path=/; SameSite=Strict"}}},
+ {"/", []testItem{{cookie{"name", "value", -1, "/", "", false, false, "Lax"}, "name=value; Max-Age=0; Path=/; SameSite=Lax"}}},
+ {"/", []testItem{{cookie{"name", "value", -1, "/", "", false, false, "None"}, "name=value; Max-Age=0; Path=/; SameSite=None"}}},
+ {"/", []testItem{{cookie{"name", "value", -1, "/", "", false, false, ""}, "name=value; Max-Age=0; Path=/"}}},
+ }
+ for _, c := range cases {
+ r, _ := http.NewRequest("GET", c.request, nil)
+ output := NewOutput()
+ output.Context = NewContext()
+ output.Context.Reset(httptest.NewRecorder(), r)
+ for _, item := range c.valueGp {
+ params := item.item
+ var others = []interface{}{params.MaxAge, params.Path, params.Domain, params.Secure, params.HttpOnly, params.SameSite}
+ output.Context.SetCookie(params.Name, params.Value, others...)
+ got := output.Context.ResponseWriter.Header().Get("Set-Cookie")
+ if got != item.want {
+ t.Fatalf("SetCookie error,should be:\n%v \ngot:\n%v", item.want, got)
+ }
+ }
+ }
+}
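Review bot: The `"None"` row in `TestSetCookie` pins `SameSite=None` on a cookie whose `Secure` field is false, a combination current browsers refuse to store, so the test documents a cookie that will not work in practice. Passing `true` for `Secure` in that row and expecting the `Secure` attribute in the header would match real use; its position in the string is decided by code outside this diff. No row covers a SameSite string outside `Strict`/`Lax`/`None` or one containing `;`, so the `sanitizeValue` path added to `Cookie` is never exercised. `r, _ := http.NewRequest(...)` discards the error, and `if err != nil { t.Fatal(err) }` would report a bad request where it happens. `Header().Get("Set-Cookie")` returns only the first header value, so a `valueGp` with more than one item would compare later items against the first cookie.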