Express: Add SameSite option to response.cookie()

Created on 5 Oct 2016  ·  6 Comments  ·  Source: expressjs/express

Add support for the SameSite flag on cookies.

4.x question

All 6 comments

Thanks for the suggestion! We added it in the 4.14.0 release :)

Here is an example:

```sh
$ npm i express

$ cat app.js
var express = require('express')

var app = express()

app.get('/', function (req, res) {
  res.cookie('foo', 'bar', {
    sameSite: true
  })
  res.end()
})

app.listen(4000)

$ node app.js &
[1] 10804

$ curl -Is http://127.0.0.1:4000
HTTP/1.1 200 OK
X-Powered-By: Express
Set-Cookie: foo=bar; Path=/; SameSite=Strict
Date: Wed, 05 Oct 2016 13:24:13 GMT
Connection: keep-alive
```

@dougwilson Support for sameSite is not mentioned in the docs afaict. I discovered its existence by accident when reading through the code of the cookie NPM package but could not find it in the docs... A Google search then led me here.

Hi @Download sorry we missed documenting it. Please open issues with the website at https://github.com/expressjs/expressjs.com

SameSite=None is added in [email protected] and express depends on an exact version of [email protected], which is out-dated now.

Hi @Nandiin you are using an outdated Express. Please upgrade to Express 4.17.0 or higher: http://expressjs.com/en/changelog/4x.html#4.17.0
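
A check for the header shown in the thread, as an added example that is not part of the original discussion or Express's own code: it scans raw response headers such as `curl -Is` output and reports cookies that lack a SameSite attribute, carry an unrecognised value, or use SameSite=None without Secure. The function names and the sample headers are constructed for illustration.

```javascript
// Added example: audit Set-Cookie headers (e.g. from `curl -Is`) for SameSite.
// Function names and sample data are assumptions made for this illustration.

// Parse one Set-Cookie value into { name, attrs } with lowercase attribute keys.
function parseSetCookie(value) {
  const parts = value.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf('=');
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq);
  const attrs = {};
  for (const part of parts.slice(1)) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name, attrs };
}

// Return one finding per problematic Set-Cookie line in a raw header block.
function auditSameSite(rawHeaders) {
  const findings = [];
  for (const line of rawHeaders.split(/\r?\n/)) {
    const m = /^set-cookie:\s*(.+)$/i.exec(line);
    if (!m) continue;
    const { name, attrs } = parseSetCookie(m[1]);
    const raw = attrs.samesite;
    const mode = typeof raw === 'string' ? raw.toLowerCase() : null;
    if (mode === null) {
      findings.push({ name, issue: 'missing SameSite (browser default applies)' });
    } else if (!['strict', 'lax', 'none'].includes(mode)) {
      findings.push({ name, issue: 'unrecognised SameSite value: ' + raw });
    } else if (mode === 'none' && !attrs.secure) {
      findings.push({ name, issue: 'SameSite=None without Secure' });
    }
  }
  return findings;
}

// Constructed sample; the first cookie matches the curl output in the thread.
const sample = [
  'HTTP/1.1 200 OK',
  'Set-Cookie: foo=bar; Path=/; SameSite=Strict',
  'Set-Cookie: sid=abc123; Path=/; HttpOnly',
  'Set-Cookie: embed=1; Path=/; SameSite=None',
  'Set-Cookie: widget=1; Path=/; Secure; SameSite=None',
].join('\r\n');

console.log(auditSameSite(sample));
```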
