From 009524879ca43798eda8f7aa665bb4a0e1ea8e34 Mon Sep 17 00:00:00 2001
From: Max Rolon
Date: Mon, 16 May 2022 21:23:30 -0400
Subject: [PATCH 1/4] Forces "secure" to be re-added to parsed cookies
---
packages/browser-sync/lib/server/proxy-utils.js | 3 +++
1 file changed, 3 insertions(+)
diff --git a/packages/browser-sync/lib/server/proxy-utils.js b/packages/browser-sync/lib/server/proxy-utils.js
index ec03a8997..9292a1ba6 100644
--- a/packages/browser-sync/lib/server/proxy-utils.js
+++ b/packages/browser-sync/lib/server/proxy-utils.js
@@ -151,6 +151,9 @@ function rewriteCookies(rawCookie) {
 if (rawCookie.match(/httponly/i)) {
 pairs.push("HttpOnly");
 }
+ if (rawCookie.match(/secure/i)) {
+ pairs.push('secure');
+ }
 return pairs.join("; ");
 }
From c182666021efdff7a17b22936b69c72ba5a76eac Mon Sep 17 00:00:00 2001
From: Max Rolon
Date: Fri, 20 May 2022 17:34:39 -0400
Subject: [PATCH 2/4] Adds in test and more specific cookie check
---
.../browser-sync/lib/server/proxy-utils.js | 11 ++++++--
packages/browser-sync/package.json | 1 +
.../server.proxyUtils.rewriteCookies.js | 25 +++++++++++++++++++
3 files changed, 35 insertions(+), 2 deletions(-)
create mode 100644 packages/browser-sync/test/specs/server/server.proxyUtils.rewriteCookies.js
diff --git a/packages/browser-sync/lib/server/proxy-utils.js b/packages/browser-sync/lib/server/proxy-utils.js
index 9292a1ba6..ca7a6153a 100644
--- a/packages/browser-sync/lib/server/proxy-utils.js
+++ b/packages/browser-sync/lib/server/proxy-utils.js
@@ -151,8 +151,15 @@ function rewriteCookies(rawCookie) {
 if (rawCookie.match(/httponly/i)) {
 pairs.push("HttpOnly");
 }
- if (rawCookie.match(/secure/i)) {
- pairs.push('secure');
+
+ // SameSite=None must be declared as secure;
+ // @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#samesitenone_requires_secure.
+ // @see https://chromestatus.com/feature/5633521622188032
+ if (
+ rawCookie.match(/[ ]secure\;/i) &&
+ rawCookie.match(/[ ]SameSite=None/i)
+ ) {
+ pairs.push("secure");
 }
 return pairs.join("; ");
diff --git a/packages/browser-sync/package.json b/packages/browser-sync/package.json
index fbbe6bf01..388bf1ab4 100644
--- a/packages/browser-sync/package.json
+++ b/packages/browser-sync/package.json
@@ -30,6 +30,7 @@
 "prettier": "prettier 'lib/**/*' 'examples/*' 'test/specs/**/*.js' --tab-width 4",
 "prettier:fix": "npm run prettier -- --write",
 "test": "npm run build && npm run env && npm run unit",
+ "test:watch": "mocha --recursive test/specs --watch",
 "unit": "mocha --recursive test/specs --timeout 10000 --bail --exit",
 "watch": "npm run build && npm run serve:fixtures",
 "serve:fixtures": "node dist/bin test/fixtures -w --no-open"
diff --git a/packages/browser-sync/test/specs/server/server.proxyUtils.rewriteCookies.js b/packages/browser-sync/test/specs/server/server.proxyUtils.rewriteCookies.js
new file mode 100644
index 000000000..3f3931399
--- /dev/null
+++ b/packages/browser-sync/test/specs/server/server.proxyUtils.rewriteCookies.js
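Review bot: The new `if` still detects attributes by pattern-matching the raw header string, so `[ ]secure\;` only fires when the attribute is preceded by a space and followed by a semicolon; a Set-Cookie emitted without a space after `;`, or with `Secure` as the last attribute, is missed and the flag is silently dropped (the PATCH 4/4 hunk adds the `$` alternative but keeps the leading-space requirement). Comparing normalised attribute tokens is less brittle and removes the `\;` escape: `var attrs = rawCookie.split(";").map(function (p) { return p.trim().toLowerCase(); });` followed by `if (attrs.includes("secure") && attrs.includes("samesite=none")) {`. With this change every cookie that is `Secure` but not `SameSite=None` leaves the proxy without `Secure`; a one-line comment stating that this downgrade is intended, and why, would save the next reader from treating it as a bug. rewriteCookies begins before this hunk, so how `pairs` is built is not visible here.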
@@ -0,0 +1,25 @@
+// jscs:disable maximumLineLength
+
+var rewriteCookies = require("../../../dist/server/proxy-utils").rewriteCookies;
+var expect = require("chai").expect;
+
+describe("rewriteCookies spec", function() {
+ it("Should honor secure directive on SameSite=None cookies", function() {
+ var cookies = [
+ "localization=US; path=/; expires=Fri, 03 Jun 2022 21:13:22 GMT; SameSite=Lax",
+ "localization=secure; path=/; expires=Fri, 03 Jun 2022 21:13:22 GMT; SameSite=Lax",
+ "storefront_digest=1234567; path=/; secure; HttpOnly; SameSite=None"
+ ];
+
+ var result = cookies.reduce((aggregate, cookie) => {
+ aggregate.push(rewriteCookies(cookie));
+ return aggregate;
+ }, []);
+
+ expect(result).to.deep.equal([
+ "localization=US; path=/; expires=Fri, 03 Jun 2022 21:13:22 GMT; SameSite=Lax",
+ "localization=secure; path=/; expires=Fri, 03 Jun 2022 21:13:22 GMT; SameSite=Lax",
+ "storefront_digest=1234567; path=/; SameSite=None; HttpOnly; secure"
+ ]);
+ });
+});
From ffe4862687d16b2c9b1dd6e9db6a02ad90dabcae Mon Sep 17 00:00:00 2001
From: Max Rolon
Date: Fri, 20 May 2022 17:35:28 -0400
Subject: [PATCH 3/4] Updates punctuation
---
packages/browser-sync/lib/server/proxy-utils.js | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/browser-sync/lib/server/proxy-utils.js b/packages/browser-sync/lib/server/proxy-utils.js
index ca7a6153a..d2c0adc5f 100644
--- a/packages/browser-sync/lib/server/proxy-utils.js
+++ b/packages/browser-sync/lib/server/proxy-utils.js
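Review bot: The spec only exercises the positive path: no input carries `secure` without `SameSite=None`, so the deliberate stripping of `Secure` in that case — the behaviour most likely to surprise a user — is not pinned, and no input ends in `; secure`, so the `$` alternative that PATCH 4/4 adds to the regex has no test. Two further cases would cover both, e.g. `"session=abc; path=/; secure"` expected to come back as `"session=abc; path=/"` and `"sid=1; path=/; SameSite=None; secure"` expected to keep `secure` (constructed expectations, to be checked against what rewriteCookies actually emits, since the attribute order in the existing expectation `SameSite=None; HttpOnly; secure` already differs from its input). The `localization=secure` case is a useful guard against the value-substring match that PATCH 1/4 had and is worth keeping.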
@@ -152,8 +152,8 @@ function rewriteCookies(rawCookie) {
 pairs.push("HttpOnly");
 }
- // SameSite=None must be declared as secure;
- // @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#samesitenone_requires_secure.
+ // SameSite=None must be declared as secure
+ // @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#samesitenone_requires_secure
 // @see https://chromestatus.com/feature/5633521622188032
 if (
 rawCookie.match(/[ ]secure\;/i) &&
From ec09b8ca6bdcbf2ab1cbbb7980a2c914063476a7 Mon Sep 17 00:00:00 2001
From: Max Rolon
Date: Fri, 20 May 2022 17:41:42 -0400
Subject: [PATCH 4/4] Updates regex
---
packages/browser-sync/lib/server/proxy-utils.js | 4 ++--
packages/browser-sync/package.json | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/packages/browser-sync/lib/server/proxy-utils.js b/packages/browser-sync/lib/server/proxy-utils.js
index d2c0adc5f..ac7be79b0 100644
--- a/packages/browser-sync/lib/server/proxy-utils.js
+++ b/packages/browser-sync/lib/server/proxy-utils.js
@@ -156,8 +156,8 @@ function rewriteCookies(rawCookie) {
 // @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#samesitenone_requires_secure
 // @see https://chromestatus.com/feature/5633521622188032
 if (
- rawCookie.match(/[ ]secure\;/i) &&
- rawCookie.match(/[ ]SameSite=None/i)
+ rawCookie.match(/[ ]secure(?:\;|$)/i) &&
+ rawCookie.match(/[ ]SameSite=None(?:\;|$)/i)
 ) {
 pairs.push("secure");
 }
diff --git a/packages/browser-sync/package.json b/packages/browser-sync/package.json
index 388bf1ab4..482769f8b 100644
--- a/packages/browser-sync/package.json
+++ b/packages/browser-sync/package.json
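Review bot: The two rewritten patterns are now anchored to an attribute boundary, but the sibling `HttpOnly` check earlier in the same function (visible as context in the PATCH 2/4 hunk) still uses the bare `/httponly/i`, so a cookie whose value merely contains `httponly` gains that attribute while the identical mistake for `secure` has just been fixed; aligning it as `rawCookie.match(/[ ]httponly(?:;|$)/i)` puts all three attribute checks on one rule. The `\;` in both new patterns is a needless escape (`;` is not a regex metacharacter) that lint rules such as no-useless-escape flag. The `$` alternative will not match if the header value still carries trailing whitespace or a CR; whether it has been trimmed upstream is not visible here. The function body continues outside the hunk.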
@@ -30,7 +30,7 @@
 "prettier": "prettier 'lib/**/*' 'examples/*' 'test/specs/**/*.js' --tab-width 4",
 "prettier:fix": "npm run prettier -- --write",
 "test": "npm run build && npm run env && npm run unit",
- "test:watch": "mocha --recursive test/specs --watch",
+ "test:watch": "npm run build && npm run env && mocha --recursive test/specs --watch",
 "unit": "mocha --recursive test/specs --timeout 10000 --bail --exit",
 "watch": "npm run build && npm run serve:fixtures",
 "serve:fixtures": "node dist/bin test/fixtures -w --no-open"