From 19cc58264a06dca47ed401fbaca32dcdb80a903b Mon Sep 17 00:00:00 2001
From: Damien Arrachequesne <damien.arrachequesne@gmail.com>
Date: Wed, 30 Dec 2020 09:19:14 +0100
Subject: [PATCH] feat: add support for all cookie options

The "cookie" options can now be an object, which will be forwarded to
the "cookie" module.

The previous syntax is still valid:

```
new Server({
  cookieName: "test",
  cookieHttpOnly: false,
  cookiePath: "/custom"
})
```

but the new syntax add support for all options:

```
new Server({
  cookie: {
    name: "test",
    httpOnly: false,
    path: "/custom"
    sameSite: "lax"
  }
})
```

Reference: https://github.com/jshttp/cookie#options-1

Backported from master: https://github.com/socketio/engine.io/commit/a374471d06e3681a769766a1d068898182f9305f
---
 lib/server.js     | 16 ++++++++++------
 package-lock.json |  6 +++---
 package.json      |  2 +-
 test/server.js    | 19 +++++++++++++++++++
 4 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/lib/server.js b/lib/server.js
index e64c6293a..c691561b6 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -316,12 +316,16 @@ Server.prototype.handshake = function (transportName, req) {
 
   if (false !== this.cookie) {
     transport.on('headers', function (headers) {
-      headers['Set-Cookie'] = cookieMod.serialize(self.cookie, id,
-        {
-          path: self.cookiePath,
-          httpOnly: self.cookiePath ? self.cookieHttpOnly : false,
-          sameSite: true
-        });
+      if (typeof self.cookie === 'object') {
+        headers['Set-Cookie'] = cookieMod.serialize(self.cookie.name, id, self.cookie);
+      } else {
+        headers['Set-Cookie'] = cookieMod.serialize(self.cookie, id,
+          {
+            path: self.cookiePath,
+            httpOnly: self.cookiePath ? self.cookieHttpOnly : false,
+            sameSite: true
+          });
+      }
     });
   }
 
diff --git a/package-lock.json b/package-lock.json
index c26b6a819..b8b1b6827 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -975,9 +975,9 @@
       "dev": true
     },
     "cookie": {
-      "version": "0.3.1",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.3.1.tgz",
-      "integrity": "sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s="
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.1.tgz",
+      "integrity": "sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA=="
     },
     "cookiejar": {
       "version": "2.1.2",
diff --git a/package.json b/package.json
index 454060f9e..3fd22d64d 100644
--- a/package.json
+++ b/package.json
@@ -27,7 +27,7 @@
   "dependencies": {
     "accepts": "~1.3.4",
     "base64id": "2.0.0",
-    "cookie": "0.3.1",
+    "cookie": "~0.4.1",
     "debug": "~4.1.0",
     "engine.io-parser": "~2.2.0",
     "ws": "~7.4.2"
diff --git a/test/server.js b/test/server.js
index 79c61bf46..d34f2f235 100644
--- a/test/server.js
+++ b/test/server.js
@@ -123,6 +123,25 @@ describe('server', function () {
       });
     });
 
+    it('should forward all cookie options', function (done) {
+      listen({ cookie: {
+        name: 'woot',
+        path: '/test',
+        httpOnly: true,
+        sameSite: 'lax'
+      }}, function (port) {
+        request.get('http://localhost:%d/engine.io/default/'.s(port))
+          .query({ transport: 'polling', b64: 1 })
+          .end(function (err, res) {
+            expect(err).to.be(null);
+            // hack-obtain sid
+            var sid = res.text.match(/"sid":"([^"]+)"/)[1];
+            expect(res.headers['set-cookie'][0]).to.be('woot=' + sid + '; Path=/test; HttpOnly; SameSite=Lax');
+            done();
+          });
+      });
+    });
+
     it('should send the io cookie custom name', function (done) {
       listen({ cookie: 'woot' }, function (port) {
         request.get('http://localhost:%d/engine.io/default/'.s(port))