Updates

JunTaoLuo · JunTaoLuo · commit c6db8e0a8db2 · 2017-05-22T18:20:22.000-07:00
diff --git a/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs b/shared/Microsoft.AspNetCore.ChunkingCookieManager.Sources/ChunkingCookieManager.cs
@@ -33,7 +33,7 @@ internal class ChunkingCookieManager
         /// <summary>
         /// The default maximum size of characters in a cookie to send back to the client.
         /// </summary>
-        public const int DefaultChunkSize = 4070;
+        public const int DefaultChunkSize = 4050;
 
         private const string ChunkKeySuffix = "C";
         private const string ChunkCountPrefix = "chunks-";
@@ -42,7 +42,7 @@ public ChunkingCookieManager()
         {
             // Lowest common denominator. Safari has the lowest known limit (4093), and we leave little extra just in case.
             // See http://browsercookielimits.x64.me/.
-            // Leave at least 20 in case CookiePolicy tries to add 'secure' and/or 'httponly'.
+            // Leave at least 40 in case CookiePolicy tries to add 'secure', 'samesite=strict' and/or 'httponly'.
             ChunkSize = DefaultChunkSize;
             ThrowForPartialCookies = true;
         }
@@ -166,6 +166,7 @@ public void AppendResponseCookie(HttpContext context, string key, string value,
             {
                 Domain = options.Domain,
                 Expires = options.Expires,
+                SameSite = (Net.Http.Headers.SameSiteMode)options.SameSite,
                 HttpOnly = options.HttpOnly,
                 Path = options.Path,
                 Secure = options.Secure,
diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs
@@ -22,7 +22,7 @@ public CookieAuthenticationOptions()
             ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
             ExpireTimeSpan = TimeSpan.FromDays(14);
             SlidingExpiration = true;
-            CookieSameSite = SameSiteEnforcementMode.Strict;
+            CookieSameSite = SameSiteMode.Strict;
             CookieHttpOnly = true;
             CookieSecure = CookieSecurePolicy.SameAsRequest;
             Events = new CookieAuthenticationEvents();
@@ -61,7 +61,7 @@ public string CookieName
         /// Determines if the browser should allow the cookie to be attached to same-site or cross-site requests. The
         /// default is Strict, which means the cookie is only allowed to be attached to same-site requests.
         /// </summary>
-        public SameSiteEnforcementMode CookieSameSite { get; set; }
+        public SameSiteMode CookieSameSite { get; set; }
 
         /// <summary>
         /// Determines if the browser should allow the cookie to be accessed by client-side javascript. The
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -899,7 +899,7 @@ private void WriteNonceCookie(string nonce)
                 new CookieOptions
                 {
                     HttpOnly = true,
-                    SameSite = Http.SameSiteEnforcementMode.Lax,
+                    SameSite = Http.SameSiteMode.Lax,
                     Secure = Request.IsHttps,
                     Expires = Clock.UtcNow.Add(Options.ProtocolValidator.NonceLifetime)
                 });
@@ -931,7 +931,7 @@ private string ReadNonceCookie(string nonce)
                             var cookieOptions = new CookieOptions
                             {
                                 HttpOnly = true,
-                                SameSite = Http.SameSiteEnforcementMode.Lax,
+                                SameSite = Http.SameSiteMode.Lax,
                                 Secure = Request.IsHttps
                             };
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -83,7 +83,7 @@ protected override async Task<AuthenticateResult> HandleRemoteAuthenticateAsync(
             var cookieOptions = new CookieOptions
             {
                 HttpOnly = true,
-                SameSite = SameSiteEnforcementMode.Lax,
+                SameSite = SameSiteMode.Lax,
                 Secure = Request.IsHttps
             };
 
@@ -161,7 +161,7 @@ protected override async Task HandleUnauthorizedAsync(ChallengeContext context)
             var cookieOptions = new CookieOptions
             {
                 HttpOnly = true,
-                SameSite = SameSiteEnforcementMode.Lax,
+                SameSite = SameSiteMode.Lax,
                 Secure = Request.IsHttps,
                 Expires = Clock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
             };
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -203,7 +203,7 @@ protected virtual void GenerateCorrelationId(AuthenticationProperties properties
             var cookieOptions = new CookieOptions
             {
                 HttpOnly = true,
-                SameSite = SameSiteEnforcementMode.Lax,
+                SameSite = SameSiteMode.Lax,
                 Secure = Request.IsHttps,
                 Expires = Clock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
             };
@@ -243,7 +243,7 @@ protected virtual bool ValidateCorrelationId(AuthenticationProperties properties
             var cookieOptions = new CookieOptions
             {
                 HttpOnly = true,
-                SameSite = SameSiteEnforcementMode.Lax,
+                SameSite = SameSiteMode.Lax,
                 Secure = Request.IsHttps
             };
             Response.Cookies.Delete(cookieName, cookieOptions);
diff --git a/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs b/src/Microsoft.AspNetCore.CookiePolicy/CookiePolicyMiddleware.cs
@@ -156,13 +156,13 @@ private void ApplyPolicy(CookieOptions options)
                     case MinimumSameSiteStrictnessPolicy.None:
                         break;
                     case MinimumSameSiteStrictnessPolicy.Lax:
-                        if (options.SameSite == SameSiteEnforcementMode.None)
+                        if (options.SameSite == SameSiteMode.None)
                         {
-                            options.SameSite = SameSiteEnforcementMode.Lax;
+                            options.SameSite = SameSiteMode.Lax;
                         }
                         break;
                     case MinimumSameSiteStrictnessPolicy.Strict:
-                        options.SameSite = SameSiteEnforcementMode.Strict;
+                        options.SameSite = SameSiteMode.Strict;
                         break;
                     default:
                         throw new InvalidOperationException($"Unrecognized {nameof(MinimumSameSiteStrictnessPolicy)} value {Policy.SameSite.ToString()}");
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/CookieTests.cs
@@ -207,7 +207,7 @@ public async Task CookieOptionsAlterSetCookieHeader()
                 o.CookiePath = "/foo";
                 o.CookieDomain = "another.com";
                 o.CookieSecure = CookieSecurePolicy.Always;
-                o.CookieSameSite = SameSiteEnforcementMode.None;
+                o.CookieSameSite = SameSiteMode.None;
                 o.CookieHttpOnly = true;
             }, SignInAsAlice, baseAddress: new Uri("http://example.com/base"));
 
@@ -226,7 +226,7 @@ public async Task CookieOptionsAlterSetCookieHeader()
             {
                 o.CookieName = "SecondCookie";
                 o.CookieSecure = CookieSecurePolicy.None;
-                o.CookieSameSite = SameSiteEnforcementMode.Strict;
+                o.CookieSameSite = SameSiteMode.Strict;
                 o.CookieHttpOnly = false;
             }, SignInAsAlice, baseAddress: new Uri("http://example.com/base"));
 
diff --git a/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs b/test/Microsoft.AspNetCore.ChunkingCookieManager.Sources.Test/CookieChunkingTests.cs
@@ -27,7 +27,7 @@ public void AppendLargeCookieWithLimit_Chunked()
             HttpContext context = new DefaultHttpContext();
 
             string testString = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
-            new ChunkingCookieManager() { ChunkSize = 30 }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
+            new ChunkingCookieManager() { ChunkSize = 44 }.AppendResponseCookie(context, "TestCookie", testString, new CookieOptions());
             var values = context.Response.Headers["Set-Cookie"];
             Assert.Equal(9, values.Count);
             Assert.Equal<string[]>(new[]
diff --git a/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs b/test/Microsoft.AspNetCore.CookiePolicy.Test/CookiePolicyTests.cs
@@ -39,10 +39,10 @@ public class CookiePolicyTests
         private RequestDelegate SameSiteCookieAppends = context =>
         {
             context.Response.Cookies.Append("A", "A");
-            context.Response.Cookies.Append("B", "B", new CookieOptions { SameSite = Http.SameSiteEnforcementMode.None });
+            context.Response.Cookies.Append("B", "B", new CookieOptions { SameSite = Http.SameSiteMode.None });
             context.Response.Cookies.Append("C", "C", new CookieOptions());
-            context.Response.Cookies.Append("D", "D", new CookieOptions { SameSite = Http.SameSiteEnforcementMode.Lax });
-            context.Response.Cookies.Append("E", "E", new CookieOptions { SameSite = Http.SameSiteEnforcementMode.Strict });
+            context.Response.Cookies.Append("D", "D", new CookieOptions { SameSite = Http.SameSiteMode.Lax });
+            context.Response.Cookies.Append("E", "E", new CookieOptions { SameSite = Http.SameSiteMode.Strict });
             return Task.FromResult(0);
         };
 
