From 6078c3653bb1703e2ecc9d073c8a7b1f9715e33a Mon Sep 17 00:00:00 2001
From: picklesrus <picklesrus@users.noreply.github.com>
Date: Wed, 5 Aug 2020 10:50:06 -0400
Subject: [PATCH] Puts back the original change but sets the default to Lax
 instead of Strict. Scratchr2 needs these cookies sent on top level
 navigations.

---
 src/lib/jar.js            |  3 ++-
 test/unit/lib/jar.test.js | 53 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 test/unit/lib/jar.test.js

diff --git a/src/lib/jar.js b/src/lib/jar.js
index afcc1b277..1d2cadae6 100644
--- a/src/lib/jar.js
+++ b/src/lib/jar.js
@@ -78,7 +78,8 @@ const Jar = {
     set: (name, value, opts) => {
         opts = opts || {};
         defaults(opts, {
-            expires: new Date(new Date().setYear(new Date().getFullYear() + 1))
+            expires: new Date(new Date().setYear(new Date().getFullYear() + 1)),
+            sameSite: 'Lax' // cookie library requires this capitialization of sameSite
         });
         opts.path = '/';
         const obj = cookie.serialize(name, value, opts);
diff --git a/test/unit/lib/jar.test.js b/test/unit/lib/jar.test.js
new file mode 100644
index 000000000..6d74df8a3
--- /dev/null
+++ b/test/unit/lib/jar.test.js
@@ -0,0 +1,53 @@
+const jar = require('../../../src/lib/jar');
+const cookie = require('cookie');
+
+jest.mock('cookie', () => ({serialize: jest.fn()}));
+describe('unit test lib/jar.js', () => {
+
+    test('simple set test with no opts', () => {
+        jar.set('name', 'value');
+        expect(cookie.serialize).toHaveBeenCalled();
+        expect(cookie.serialize).toHaveBeenCalledWith('name', 'value',
+            expect.objectContaining({
+                path: '/',
+                sameSite: 'Lax',
+                expires: expect.anything() // not specifically matching the date because it is hard to mock
+            }));
+    });
+    test('test with opts', () => {
+        jar.set('a', 'b', {option: 'one'});
+        expect(cookie.serialize).toHaveBeenCalled();
+        expect(cookie.serialize).toHaveBeenCalledWith('a', 'b',
+            expect.objectContaining({
+                option: 'one',
+                path: '/',
+                sameSite: 'Lax',
+                expires: expect.anything() // not specifically matching the date because it is hard to mock
+            }));
+    });
+    test('expires opts overrides default', () => {
+        jar.set('a', 'b', {
+            option: 'one',
+            expires: 'someday'
+        });
+        expect(cookie.serialize).toHaveBeenCalled();
+        expect(cookie.serialize).toHaveBeenCalledWith('a', 'b',
+            expect.objectContaining({
+                option: 'one',
+                path: '/',
+                expires: 'someday'
+            }));
+    });
+    test('sameSite opts overrides default', () => {
+        jar.set('a', 'b', {
+            option: 'one',
+            sameSite: 'override'
+        });
+        expect(cookie.serialize).toHaveBeenCalled();
+        expect(cookie.serialize).toHaveBeenCalledWith('a', 'b',
+            expect.objectContaining({
+                option: 'one',
+                sameSite: 'override'
+            }));
+    });
+});