From bf7b245fa05ce8babba8c6ff05752a58810d426c Mon Sep 17 00:00:00 2001
From: Keeley Hammond <vertedinde@electronjs.org>
Date: Mon, 15 Nov 2021 07:20:04 -0800
Subject: [PATCH] fix: change cookie default from NO_RESTRICTION to LAX_MODE
 (#31800)

* fix: change default from NO_RESTRICTION to LAX_MODE

* chore: update cookie docs, redirect tests
---
 docs/api/cookies.md                       | 2 +-
 shell/browser/api/electron_api_cookies.cc | 2 +-
 spec-main/api-net-spec.ts                 | 4 ++++
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/docs/api/cookies.md b/docs/api/cookies.md
index 47bdfed31ff4..e1ae23f920c7 100644
--- a/docs/api/cookies.md
+++ b/docs/api/cookies.md
@@ -99,7 +99,7 @@ the response.
   * `expirationDate` Double (optional) - The expiration date of the cookie as the number of
     seconds since the UNIX epoch. If omitted then the cookie becomes a session
     cookie and will not be retained between sessions.
-  * `sameSite` String (optional) - The [Same Site](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#SameSite_cookies) policy to apply to this cookie.  Can be `unspecified`, `no_restriction`, `lax` or `strict`.  Default is `no_restriction`.
+  * `sameSite` String (optional) - The [Same Site](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#SameSite_cookies) policy to apply to this cookie.  Can be `unspecified`, `no_restriction`, `lax` or `strict`.  Default is `lax`.
 
 Returns `Promise<void>` - A promise which resolves when the cookie has been set
 
diff --git a/shell/browser/api/electron_api_cookies.cc b/shell/browser/api/electron_api_cookies.cc
index f10fed7637d0..d99e86bd5018 100644
--- a/shell/browser/api/electron_api_cookies.cc
+++ b/shell/browser/api/electron_api_cookies.cc
@@ -192,7 +192,7 @@ std::string InclusionStatusToString(net::CookieInclusionStatus status) {
 std::string StringToCookieSameSite(const std::string* str_ptr,
                                    net::CookieSameSite* same_site) {
   if (!str_ptr) {
-    *same_site = net::CookieSameSite::NO_RESTRICTION;
+    *same_site = net::CookieSameSite::LAX_MODE;
     return "";
   }
   const std::string& str = *str_ptr;
diff --git a/spec-main/api-net-spec.ts b/spec-main/api-net-spec.ts
index b2255776fdca..44c05ea10bea 100644
--- a/spec-main/api-net-spec.ts
+++ b/spec-main/api-net-spec.ts
@@ -759,14 +759,18 @@ describe('net module', () => {
           const cookieLocalVal = `${Date.now()}-local`;
           const localhostUrl = serverUrl.replace('127.0.0.1', 'localhost');
           expect(localhostUrl).to.not.equal(serverUrl);
+          // cookies with lax or strict same-site settings will not
+          // persist after redirects. no_restriction must be used
           await Promise.all([
             sess.cookies.set({
               url: serverUrl,
               name: 'wild_cookie',
+              sameSite: 'no_restriction',
               value: cookie127Val
             }), sess.cookies.set({
               url: localhostUrl,
               name: 'wild_cookie',
+              sameSite: 'no_restriction',
               value: cookieLocalVal
             })
           ]);