Open
Hello, I would like to set the cookie sameSite value to "none" for secure connections and to "lax" for http connections (as "none" requires a secure connection).
The secure option supports "auto", which will check on request whether the connection is secure and set secure to true, and to false otherwise. I would like a similar option for sameSite, as it would really help in my situation where I cannot determine up front if the site is served http-only, but if it IS accessed on https I really need sameSite to be set to "none" to support some SAML authentication scenarios.
The fix is rather simple. In index.js I just put in:
```js
  store.generate = function(req){
    req.sessionID = generateId(req);
    req.session = new Session(req);
    req.session.cookie = new Cookie(cookieOptions);
    if (cookieOptions.secure === 'auto') {
      req.session.cookie.secure = issecure(req, trustProxy);
      // support for sameSite 'auto':
      if (cookieOptions.sameSite === 'auto') {
        req.session.cookie.sameSite = req.session.cookie.secure ? 'none' : 'lax';
      }
    }
  };
```

I am just wondering if a pull request is appreciated?
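One way to resolve both `auto` values per request, as an added example that is not part of the original issue or the project's code; `resolveCookieFlags` and `isSecureRequest` are hypothetical names and the proxy check is a simplified assumption. It goes slightly beyond the snippet above by resolving `sameSite: 'auto'` when `secure` is a fixed boolean and by refusing `SameSite=None` without `Secure`.

```javascript
// Added example; resolveCookieFlags and isSecureRequest are hypothetical names.

// Simplified stand-in for an "is this request on TLS?" check (assumption).
// trustProxy true  -> believe the first X-Forwarded-Proto value
// trustProxy false -> only believe the socket itself
function isSecureRequest(req, trustProxy) {
  if (req.socket && req.socket.encrypted) return true;
  if (!trustProxy) return false; // header is client-controlled without a trusted proxy
  const header = (req.headers && req.headers['x-forwarded-proto']) || '';
  return header.split(',')[0].trim().toLowerCase() === 'https';
}

// Resolve 'auto' values for one request and reject SameSite=None without Secure,
// since browsers drop such cookies.
function resolveCookieFlags(options, req, trustProxy) {
  const secure = options.secure === 'auto'
    ? isSecureRequest(req, trustProxy)
    : Boolean(options.secure);

  let sameSite = options.sameSite;
  if (sameSite === 'auto') {
    // Follow the resolved secure flag, whether it came from 'auto' or a boolean.
    sameSite = secure ? 'none' : 'lax';
  }
  if (sameSite === 'none' && !secure) {
    throw new Error('SameSite=None requires the Secure attribute');
  }
  return { secure, sameSite };
}

// Constructed sample requests (not captured traffic).
const tlsRequest = { socket: { encrypted: true }, headers: {} };
const plainRequest = { socket: {}, headers: {} };
const proxiedRequest = { socket: {}, headers: { 'x-forwarded-proto': 'https, http' } };

const auto = { secure: 'auto', sameSite: 'auto' };
console.log(resolveCookieFlags(auto, tlsRequest, false));
console.log(resolveCookieFlags(auto, plainRequest, false));
console.log(resolveCookieFlags(auto, proxiedRequest, true));
```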