feat(cookie): change SameSiteMode and ScriptAccess enum values to PascalCasing

Signed-off-by: Jan Larwig <jan@larwig.com>
2026-01-06 20:22:07 +01:00 · 2026-01-06 20:22:07 +01:00 · f289a516e2
parent d29b846052
commit f289a516e2
6 changed files with 32 additions and 20 deletions
--- a/docs/docs/configuration/alpha_config.md
+++ b/docs/docs/configuration/alpha_config.md
@ -606,7 +606,7 @@ RedisStoreOptions contains configuration options for the RedisSessionStore.
 (**Appears on:** [Cookie](#cookie))

 SameSiteMode is an enum representing the different SameSite modes for cookies
-Available modes are "lax", "strict", "none", and "" (default browser behavior)
+Available modes are "Lax", "Strict", "None", and "" (default browser behavior)

 ### ScriptAccess
 #### (`string` alias)
@ -614,7 +614,7 @@ Available modes are "lax", "strict", "none", and "" (default browser behavior)
 (**Appears on:** [Cookie](#cookie))

 ScriptAccess is an enum representing whether a cookie is accessible to JavaScript
-Available modes are "allow", "deny" (default behavior)
+Available modes are "Allow", "Deny" (default behavior)

 ### SecretSource

--- a/pkg/apis/options/cookie.go
+++ b/pkg/apis/options/cookie.go
@ -16,23 +16,23 @@ const (
 )

 // SameSiteMode is an enum representing the different SameSite modes for cookies
-// Available modes are "lax", "strict", "none", and "" (default browser behavior)
+// Available modes are "Lax", "Strict", "None", and "" (default browser behavior)
 type SameSiteMode string

 const (
-	SameSiteLax     SameSiteMode = "lax"
-	SameSiteStrict  SameSiteMode = "strict"
-	SameSiteNone    SameSiteMode = "none"
+	SameSiteLax     SameSiteMode = "Lax"
+	SameSiteStrict  SameSiteMode = "Strict"
+	SameSiteNone    SameSiteMode = "None"
 	SameSiteDefault SameSiteMode = ""
 )

 // ScriptAccess is an enum representing whether a cookie is accessible to JavaScript
-// Available modes are "allow", "deny" (default behavior)
+// Available modes are "Allow", "Deny" (default behavior)
 type ScriptAccess string

 const (
-	ScriptAccessDenied  ScriptAccess = "deny"
-	ScriptAccessAllowed ScriptAccess = "allow"
+	ScriptAccessDenied  ScriptAccess = "Deny"
+	ScriptAccessAllowed ScriptAccess = "Allow"
 	ScriptAccessNone    ScriptAccess = ""
 )

--- a/pkg/apis/options/legacy_cookie.go
+++ b/pkg/apis/options/legacy_cookie.go
@ -63,6 +63,18 @@ func (l *LegacyCookie) convert() Cookie {
 		}
 	}

+	var sameSite SameSiteMode
+	switch l.SameSite {
+	case "lax":
+		sameSite = SameSiteLax
+	case "strict":
+		sameSite = SameSiteStrict
+	case "none":
+		sameSite = SameSiteNone
+	default:
+		sameSite = SameSiteDefault
+	}
+
 	return Cookie{
 		Name:                l.Name,
 		Secret:              secret,
@ -71,7 +83,7 @@ func (l *LegacyCookie) convert() Cookie {
 		Expire:              l.Expire,
 		Insecure:            &insecure,
 		ScriptAccess:        scriptAccess,
-		SameSite:            SameSiteMode(l.SameSite),
+		SameSite:            sameSite,
 		CSRFPerRequest:      &l.CSRFPerRequest,
 		CSRFPerRequestLimit: l.CSRFPerRequestLimit,
 		CSRFExpire:          l.CSRFExpire,
--- a/pkg/cookies/cookies.go
+++ b/pkg/cookies/cookies.go
@ -69,13 +69,13 @@ func GetCookieDomain(req *http.Request, cookieDomains []string) string {
 // Parse a valid http.SameSite value from a user supplied string for use of making cookies.
 func ParseSameSite(v options.SameSiteMode) http.SameSite {
 	switch v {
-	case "lax":
+	case options.SameSiteLax:
 		return http.SameSiteLaxMode
-	case "strict":
+	case options.SameSiteStrict:
 		return http.SameSiteStrictMode
-	case "none":
+	case options.SameSiteNone:
 		return http.SameSiteNoneMode
-	case "":
+	case options.SameSiteDefault:
 		return 0
 	default:
 		panic(fmt.Sprintf("Invalid value for SameSite: %s", v))
--- a/pkg/validation/cookie.go
+++ b/pkg/validation/cookie.go
@ -21,9 +21,9 @@ func validateCookie(o options.Cookie, refresh time.Duration) []string {
 	}

 	switch o.SameSite {
-	case "", "none", "lax", "strict":
+	case options.SameSiteLax, options.SameSiteStrict, options.SameSiteNone, options.SameSiteDefault:
 	default:
-		msgs = append(msgs, fmt.Sprintf("cookie_samesite (%q) must be one of ['', 'lax', 'strict', 'none']", o.SameSite))
+		msgs = append(msgs, fmt.Sprintf("cookie_samesite (%q) must be one of ['', 'Lax', 'Strict', 'None']", o.SameSite))
 	}

 	// Sort cookie domains by length, so that we try longer (and more specific) domains first
--- a/pkg/validation/cookie_test.go
+++ b/pkg/validation/cookie_test.go
@ -63,7 +63,7 @@ func TestValidateCookie(t *testing.T) {
 	invalidSecretMsg := "cookie_secret must be 16, 24, or 32 bytes to create an AES cipher, but is 6 bytes"
 	invalidBase64SecretMsg := "cookie_secret must be 16, 24, or 32 bytes to create an AES cipher, but is 10 bytes"
 	refreshLongerThanExpireMsg := "cookie_refresh (\"1h0m0s\") must be less than cookie_expire (\"15m0s\")"
-	invalidSameSiteMsg := "cookie_samesite (\"invalid\") must be one of ['', 'lax', 'strict', 'none']"
+	invalidSameSiteMsg := "cookie_samesite (\"invalid\") must be one of ['', 'Lax', 'Strict', 'None']"

 	testCases := []struct {
 		name       string
@ -216,7 +216,7 @@ func TestValidateCookie(t *testing.T) {
 				Expire:       time.Hour,
 				Insecure:     ptr.To(false),
 				ScriptAccess: options.ScriptAccessAllowed,
-				SameSite:     "none",
+				SameSite:     options.SameSiteNone,
 			},
 			refresh:    15 * time.Minute,
 			errStrings: []string{},
@ -231,7 +231,7 @@ func TestValidateCookie(t *testing.T) {
 				Expire:       time.Hour,
 				Insecure:     ptr.To(false),
 				ScriptAccess: options.ScriptAccessAllowed,
-				SameSite:     "none",
+				SameSite:     options.SameSiteLax,
 			},
 			refresh:    15 * time.Minute,
 			errStrings: []string{},
@ -246,7 +246,7 @@ func TestValidateCookie(t *testing.T) {
 				Expire:       time.Hour,
 				Insecure:     ptr.To(false),
 				ScriptAccess: options.ScriptAccessAllowed,
-				SameSite:     "none",
+				SameSite:     options.SameSiteStrict,
 			},
 			refresh:    15 * time.Minute,
 			errStrings: []string{},