diff --git a/ctx_test.go b/ctx_test.go
index ee9f4a910ea..c57528a1393 100644
--- a/ctx_test.go
+++ b/ctx_test.go
@@ -1211,7 +1211,7 @@ func Test_Ctx_Cookie_Invalid(t *testing.T) {
 {Name: "i", Value: "b", Domain: "2001:db8::1"}, // ipv6 not allowed
 {Name: "p", Value: "b", Path: "\x00"}, // invalid path byte
 {Name: "e", Value: "b", Expires: time.Date(1500, 1, 1, 0, 0, 0, 0, time.UTC)}, // invalid expires
- {Name: "s", Value: "b", Partitioned: true}, // partitioned but not secure
+ // Note: Partitioned without Secure is auto-fixed (Secure=true set automatically per CHIPS spec)
 }
 
 for _, invalid := range cases {
diff --git a/docs/api/ctx.md b/docs/api/ctx.md
index c7357d534e1..0f990be70df 100644
--- a/docs/api/ctx.md
+++ b/docs/api/ctx.md
@@ -1760,8 +1760,7 @@ app.Get("/set", func(c fiber.Ctx) error {
 app.Get("/delete", func(c fiber.Ctx) error {
 c.Cookie(&fiber.Cookie{
 Name: "token",
- // Set expiry date to the past
- Expires: time.Now().Add(-(time.Hour * 2)),
+ Expires: fasthttp.CookieExpireDelete, // Use fasthttp's built-in constant
 HTTPOnly: true,
 SameSite: "Lax",
 })
@@ -1770,6 +1769,22 @@ app.Get("/delete", func(c fiber.Ctx) error {
 })
 ```
 
+You can also use `c.Cookie()` to expire cookies with specific `Path` or `Domain` attributes:
+
+```go title="Example"
+app.Get("/logout", func(c fiber.Ctx) error {
+ // Expire a cookie with path and domain
+ c.Cookie(&fiber.Cookie{
+ Name: "token",
+ Path: "/api",
+ Domain: "example.com",
+ Expires: fasthttp.CookieExpireDelete,
+ })
+
+ return c.SendStatus(fiber.StatusOK)
+})
+```
+
 ### Cookie
 
 Sets a cookie.
diff --git a/res.go b/res.go
index db8babd31e9..eb86381d096 100644
--- a/res.go
+++ b/res.go
@@ -249,6 +249,11 @@ func (r *DefaultRes) Cookie(cookie *Cookie) {
 sameSite = http.SameSiteLaxMode
 }
 
+ // Partitioned requires Secure=true per CHIPS spec
+ if cookie.Partitioned {
+ cookie.Secure = true
+ }
+
 // create/validate cookie using net/http
 hc := &http.Cookie{
 Name: cookie.Name,
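Review bot: Dropping the `s` case from the table in Test_Ctx_Cookie_Invalid leaves the new Partitioned handling without an assertion in any hunk shown here: nothing checks that a cookie set with `Partitioned: true` and no `Secure` is actually emitted with the `Secure` attribute. That is the security-relevant half of this change, so a positive test that sets such a cookie and asserts the resulting `Set-Cookie` header carries both `Secure` and `Partitioned` would pin it. If that test already exists outside this hunk, the replacement comment could name it instead of restating res.go's behaviour, e.g. `// Partitioned without Secure is no longer invalid; covered by <test name>`. The test function starts and ends outside the hunk.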
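Review bot: `cookie.Secure = true` in the added block writes through the caller's `*Cookie`, while the SameSite normalisation just above keeps its result in the local `sameSite`. A handler that reuses one `*Cookie` value would find it changed after the call, and a value shared between concurrent requests would turn this write into a data race. Consider `secure := cookie.Secure || cookie.Partitioned` and passing `Secure: secure` where `hc` is built; that field assignment lies below the hunk, so confirm how `hc.Secure` is set there. Because the upgrade is silent, the doc comment on Cookie should state that Partitioned forces Secure and that browsers will therefore not accept the cookie from a plain-HTTP origin.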