bnorton · July 11, 2024 01:37 · flugsio · Oct 19, 2020 · sshaw · Jul 11, 2024
diff --git a/README.md b/README.md
diff --git a/application_controller.rb b/application_controller.rb
 class ApplicationControler < ActionController::Base
  
  ...
    
  def set_third_party_cookie(name, value, expires_in: 1.year)
    cookies.encrypted[name] = { :value => value.to_s, :expires_in => expires_in, :domain => :all, :same_site => SameSite.value(request.headers['User-Agent']), :secure => true, :httponly => true }.compact
  end
  
  ...

 end
diff --git a/Gemfile b/Gemfile

 ...
 ##
 # Until this commit is merged and released by rack
 #
 gem 'rack', git: 'https://github.com/rack/rack.git', ref: 'c859bbf7b53cb59df1837612a8c330dfb4147392'
 ...
diff --git a/same_site.rb b/same_site.rb
 class SameSite
  def self.value(agent)
    send_same_site_none?(agent) ? :none : nil
  end

  private

  ##
  # Based on https://www.chromium.org/updates/same-site/incompatible-clients
  #
  #  Don’t send `SameSite=None` to known incompatible clients.
  # 
  def self.send_same_site_none?(useragent)
    return true if useragent.blank?

    !same_site_none_incompatible?(useragent)
  end

  #  Classes of browsers known to be incompatible.
  # 
  def self.same_site_none_incompatible?(useragent)
    web_kit_same_site_bug?(useragent) ||
      drops_unrecognized_cookies?(useragent)
  end

  def self.web_kit_same_site_bug?(useragent)
    ios_version?(useragent, major: 12) ||
      (macosx_version?(useragent, major: 10, minor: 14) &&
        (safari?(useragent) || mac_embedded_browser?(useragent)))
  end

  def self.drops_unrecognized_cookies?(useragent)
    return !uc_browser_version_at_least?(useragent, major: 12, minor: 13, build: 2) if uc_browser?(useragent)

    chromium_based?(useragent) &&
      chromium_version_at_least?(useragent, major: 51) &&
      !chromium_version_at_least?(useragent, major: 67)
  end

  def self.ios_version?(useragent, major: nil)
    /\(iP.+; CPU .*OS (\d+)[_\d]*.*\) AppleWebKit\// =~ useragent

    $1 == major.to_s
  end

  def self.macosx_version?(useragent, major:nil, minor:nil)
    /\(Macintosh;.*Mac OS X (\d+)_(\d+)[_\d]*.*\) AppleWebKit\// =~ useragent

    $1 == major.to_s && $2 == minor.to_s
  end

  def self.safari?(useragent)
    /Version\/.* Safari\// === useragent && !chromium_based?(useragent)
  end

  def self.mac_embedded_browser?(useragent)
    /^(Mozilla\/[.\d]+ \(Macintosh;.*Mac OS X [_\d]+\) )|AppleWebKit\/[.\d]+ \(KHTML, like Gecko\)$/ === useragent
  end

  def self.chromium_based?(useragent)
    /Chrom(e|ium)/ === useragent
  end

  def self.chromium_version_at_least?(useragent, major: nil)
    /Chrom[^ \/]+\/(\d+)[.\d]* / =~ useragent

    $1.to_i >= major
  end

  def self.uc_browser?(useragent)
    /UCBrowser\// =~ useragent
  end

  def self.uc_browser_version_at_least?(useragent, major: nil, minor: nil, build: nil)
    /UCBrowser\/(\d+)\.(\d+)\.(\d+)[.\d]* / =~ useragent

    major_version = $1.to_i
    minor_version = $2.to_i

    if major_version != major
      return major_version > major
    elsif minor_version != minor
      return minor_version > minor
    end

    $3.to_i >= build
  end
 end
	class ApplicationControler < ActionController::Base

	...

	def set_third_party_cookie(name, value, expires_in: 1.year)
	cookies.encrypted[name] = { :value => value.to_s, :expires_in => expires_in, :domain => :all, :same_site => SameSite.value(request.headers['User-Agent']), :secure => true, :httponly => true }.compact
	end

	...

	end

	...
	##
	# Until this commit is merged and released by rack
	#
	gem 'rack', git: 'https://github.com/rack/rack.git', ref: 'c859bbf7b53cb59df1837612a8c330dfb4147392'
	...
	class SameSite
	def self.value(agent)
	send_same_site_none?(agent) ? :none : nil
	end

	private

	##
	# Based on https://www.chromium.org/updates/same-site/incompatible-clients
	#
	# Don’t send `SameSite=None` to known incompatible clients.
	#
	def self.send_same_site_none?(useragent)
	return true if useragent.blank?

	!same_site_none_incompatible?(useragent)
	end

	# Classes of browsers known to be incompatible.
	#
	def self.same_site_none_incompatible?(useragent)
	web_kit_same_site_bug?(useragent) \|\|
	drops_unrecognized_cookies?(useragent)
	end

	def self.web_kit_same_site_bug?(useragent)
	ios_version?(useragent, major: 12) \|\|
	(macosx_version?(useragent, major: 10, minor: 14) &&
	(safari?(useragent) \|\| mac_embedded_browser?(useragent)))
	end

	def self.drops_unrecognized_cookies?(useragent)
	return !uc_browser_version_at_least?(useragent, major: 12, minor: 13, build: 2) if uc_browser?(useragent)

	chromium_based?(useragent) &&
	chromium_version_at_least?(useragent, major: 51) &&
	!chromium_version_at_least?(useragent, major: 67)
	end

	def self.ios_version?(useragent, major: nil)
	/\(iP.+; CPU .OS (\d+)[_\d].*\) AppleWebKit\// =~ useragent

	$1 == major.to_s
	end

	def self.macosx_version?(useragent, major:nil, minor:nil)
	/\(Macintosh;.Mac OS X (\d+)_(\d+)[_\d].*\) AppleWebKit\// =~ useragent

	$1 == major.to_s && $2 == minor.to_s
	end

	def self.safari?(useragent)
	/Version\/.* Safari\// === useragent && !chromium_based?(useragent)
	end

	def self.mac_embedded_browser?(useragent)
	/^(Mozilla\/[.\d]+ \(Macintosh;.*Mac OS X [_\d]+\) )\|AppleWebKit\/[.\d]+ \(KHTML, like Gecko\)$/ === useragent
	end

	def self.chromium_based?(useragent)
	/Chrom(e\|ium)/ === useragent
	end

	def self.chromium_version_at_least?(useragent, major: nil)
	/Chrom[^ \/]+\/(\d+)[.\d]* / =~ useragent

	$1.to_i >= major
	end

	def self.uc_browser?(useragent)
	/UCBrowser\// =~ useragent
	end

	def self.uc_browser_version_at_least?(useragent, major: nil, minor: nil, build: nil)
	/UCBrowser\/(\d+)\.(\d+)\.(\d+)[.\d]* / =~ useragent

	major_version = $1.to_i
	minor_version = $2.to_i

	if major_version != major
	return major_version > major
	elsif minor_version != minor
	return minor_version > minor
	end

	$3.to_i >= build
	end
	end