chore: add custom samesite options to auth cookies (#16885)

Allows controlling `samesite` cookie settings from the deployment config
2025-07-03 16:13:58 +00:00 · 2025-04-08 14:15:14 -05:00
parent 389e88ec82
commit 52d555880c
26 changed files with 240 additions and 67 deletions
--- a/coderd/coderdtest/testjar/cookiejar.go
+++ b/coderd/coderdtest/testjar/cookiejar.go
@ -0,0 +1,33 @@
+package testjar
+
+import (
+	"net/http"
+	"net/url"
+	"sync"
+)
+
+func New() *Jar {
+	return &Jar{}
+}
+
+// Jar exists because 'cookiejar.New()' strips many of the http.Cookie fields
+// that are needed to assert. Such as 'Secure' and 'SameSite'.
+type Jar struct {
+	m      sync.Mutex
+	perURL map[string][]*http.Cookie
+}
+
+func (j *Jar) SetCookies(u *url.URL, cookies []*http.Cookie) {
+	j.m.Lock()
+	defer j.m.Unlock()
+	if j.perURL == nil {
+		j.perURL = make(map[string][]*http.Cookie)
+	}
+	j.perURL[u.Host] = append(j.perURL[u.Host], cookies...)
+}
+
+func (j *Jar) Cookies(u *url.URL) []*http.Cookie {
+	j.m.Lock()
+	defer j.m.Unlock()
+	return j.perURL[u.Host]
+}