Merge branch 'master' into master

.github/workflows/bench.yml

@@ -0,0 +1,42 @@
+name: Benchmark (Linux)
+
+on: [push, pull_request]
+
+jobs:
+  check_benchmark:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@master
+
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: nightly
+          profile: minimal
+          override: true
+
+      - name: Generate Cargo.lock
+        uses: actions-rs/cargo@v1
+        with:
+          command: generate-lockfile
+      - name: Cache cargo registry
+        uses: actions/cache@v1
+        with:
+          path: ~/.cargo/registry
+          key: ${{ matrix.version }}-x86_64-unknown-linux-gnu-registry-${{ hashFiles('**/Cargo.lock') }}
+      - name: Cache cargo index
+        uses: actions/cache@v1
+        with:
+          path: ~/.cargo/git
+          key: ${{ matrix.version }}-x86_64-unknown-linux-gnu-cargo-index-${{ hashFiles('**/Cargo.lock') }}
+      - name: Cache cargo build
+        uses: actions/cache@v1
+        with:
+          path: target
+          key: ${{ matrix.version }}-x86_64-unknown-linux-gnu-cargo-build-${{ hashFiles('**/Cargo.lock') }}
+
+      - name: Check benchmark
+        uses: actions-rs/cargo@v1
+        with:
+          command: bench

.github/workflows/macos.yml

@@ -27,7 +27,7 @@ jobs:
       - name: Generate Cargo.lock
         uses: actions-rs/cargo@v1
         with:
-          command: update
+          command: generate-lockfile
       - name: Cache cargo registry
         uses: actions/cache@v1
         with:

.github/workflows/windows.yml

@@ -30,7 +30,7 @@ jobs:
       - name: Generate Cargo.lock
         uses: actions-rs/cargo@v1
         with:
-          command: update
+          command: generate-lockfile
       - name: Cache cargo registry
         uses: actions/cache@v1
         with:
@@ -46,18 +46,15 @@ jobs:
         with:
           path: target
           key: ${{ matrix.version }}-x86_64-pc-windows-msvc-cargo-build-${{ hashFiles('**/Cargo.lock') }}
-      - name: Cache vcpkg package
-        uses: actions/cache@v1
-        id: cache-vcpkg
-        with:
-          path: C:\vcpkg
-          key: windows_x64-${{ matrix.version }}-vcpkg
 
       - name: Install OpenSSL
-        if: steps.cache-vcpkg.outputs.cache-hit != 'true'
         run: |
           vcpkg integrate install
           vcpkg install openssl:x64-windows
+          Copy-Item C:\vcpkg\installed\x64-windows\bin\libcrypto-1_1-x64.dll C:\vcpkg\installed\x64-windows\bin\libcrypto.dll
+          Copy-Item C:\vcpkg\installed\x64-windows\bin\libssl-1_1-x64.dll C:\vcpkg\installed\x64-windows\bin\libssl.dll
+          Get-ChildItem C:\vcpkg\installed\x64-windows\bin
+          Get-ChildItem C:\vcpkg\installed\x64-windows\lib
 
       - name: check build
         uses: actions-rs/cargo@v1
@@ -76,4 +73,4 @@ jobs:
                 --skip=test_simple
                 --skip=test_expect_continue
                 --skip=test_http10_keepalive
-                --skip=test_slow_request 
+                --skip=test_slow_request

MIGRATION.md

@@ -1,3 +1,9 @@
+## Unreleased
+
+* Setting a cookie's SameSite property, explicitly, to `SameSite::None` will now
+  result in `SameSite=None` being sent with the response Set-Cookie header.
+  To create a cookie without a SameSite attribute, remove any calls setting same_site.
+
 ## 2.0.0
 
 * `HttpServer::start()` renamed to `HttpServer::run()`. It also possible to

actix-http/CHANGES.md

@@ -1,11 +1,15 @@
 # Changes
 
-## [1.x.x] - 2020-01-x
+# [Unreleased]
 
 ### Changed
 
 * Update the `time` dependency to 0.2.3
 
+### Fixed
+
+* Allow `SameSite=None` cookies to be sent in a response.
+
 ## [1.0.1] - 2019-12-20
 
 ### Fixed

actix-http/src/cookie/draft.rs

@@ -10,18 +10,26 @@ use std::fmt;
 /// attribute is "Strict", then the cookie is never sent in cross-site requests.
 /// If the `SameSite` attribute is "Lax", the cookie is only sent in cross-site
 /// requests with "safe" HTTP methods, i.e, `GET`, `HEAD`, `OPTIONS`, `TRACE`.
-/// If the `SameSite` attribute is not present (made explicit via the
+/// If the `SameSite` attribute is not present then the cookie will be sent as
-/// `SameSite::None` variant), then the cookie will be sent as normal.
+/// normal. In some browsers, this will implicitly handle the cookie as if "Lax"
+/// and in others, "None". It's best to explicitly set the `SameSite` attribute
+/// to avoid inconsistent behavior.
+/// 
+/// **Note:** Depending on browser, the `Secure` attribute may be required for
+/// `SameSite` "None" cookies to be accepted.
 ///
 /// **Note:** This cookie attribute is an HTTP draft! Its meaning and definition
 /// are subject to change.
+/// 
+/// More info about these draft changes can be found in the draft spec:
+/// - https://tools.ietf.org/html/draft-west-cookie-incrementalism-00
 #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
 pub enum SameSite {
     /// The "Strict" `SameSite` attribute.
     Strict,
     /// The "Lax" `SameSite` attribute.
     Lax,
-    /// No `SameSite` attribute.
+    /// The "None" `SameSite` attribute.
     None,
 }
 
@@ -92,7 +100,7 @@ impl fmt::Display for SameSite {
         match *self {
             SameSite::Strict => write!(f, "Strict"),
             SameSite::Lax => write!(f, "Lax"),
-            SameSite::None => Ok(()),
+            SameSite::None => write!(f, "None"),
         }
     }
 }

actix-http/src/cookie/mod.rs

@@ -746,9 +746,7 @@ impl<'c> Cookie<'c> {
         }
 
         if let Some(same_site) = self.same_site() {
-            if !same_site.is_none() {
+            write!(f, "; SameSite={}", same_site)?;
-                write!(f, "; SameSite={}", same_site)?;
-            }
         }
 
         if let Some(path) = self.path() {
@@ -1037,7 +1035,7 @@ mod tests {
         let cookie = Cookie::build("foo", "bar")
             .same_site(SameSite::None)
             .finish();
-        assert_eq!(&cookie.to_string(), "foo=bar");
+        assert_eq!(&cookie.to_string(), "foo=bar; SameSite=None");
     }
 
     #[test]