From 4e7f95cf68cc80e5070a82128b0d6d987040aef0 Mon Sep 17 00:00:00 2001
From: Luke Hill <20105237+luke-hill@users.noreply.github.com>
Date: Mon, 28 Jul 2025 09:15:06 +0100
Subject: [PATCH] Capitalize sameSite attribute in cookie creation

This handles situations where you get a direct injection from a valid set-header response in API requests
---
 rb/lib/selenium/webdriver/common/manager.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rb/lib/selenium/webdriver/common/manager.rb b/rb/lib/selenium/webdriver/common/manager.rb
index 99181d7700f67..be28c75389c0f 100644
--- a/rb/lib/selenium/webdriver/common/manager.rb
+++ b/rb/lib/selenium/webdriver/common/manager.rb
@@ -50,7 +50,7 @@ def add_cookie(opts = {})
         opts[:secure] ||= false
 
         same_site = opts.delete(:same_site)
-        opts[:sameSite] = same_site if same_site
+        opts[:sameSite] = same_site.capitalize if same_site
 
         http_only = opts.delete(:http_only)
         opts[:httpOnly] = http_only if http_only