fix(adaptive): ensure sameSite is proxied from internal store

fixes mainmatter#2230

packages/ember-simple-auth/addon/session-stores/adaptive.js

@@ -65,6 +65,20 @@ export default Base.extend({
  _cookieDomain: null,
  cookieDomain: proxyToInternalStore(),
 
+ /**
+ Allows servers to assert that a cookie ought not to be sent along with cross-site requests,
+ which provides some protection against cross-site request forgery attacks (CSRF).
+ Available options:
+ - "Strict"
+ - "Lax"
+ @property sameSite
+ @type String
+ @default null
+ @public
+ */
+ _sameSite: null,
+ sameSite: proxyToInternalStore(),
+
  /**
  The name of the cookie to use if `localStorage` is not available.
 
@@ -134,7 +148,7 @@ export default Base.extend({
  store = localStorage;
  } else {
  const cookieStorage = owner.lookup('session-store:cookie');
- const options = this.getProperties('sameSite', 'cookieDomain', 'cookieName', 'cookieExpirationTime', 'cookiePath');
+ const options = this.getProperties('sameSite', 'cookieDomain', 'cookieName', 'cookieExpirationTime', 'cookiePath', 'sameSite');
 
  cookieStorage.setProperties(options);
  this.set('cookieExpirationTime', cookieStorage.get('cookieExpirationTime'));

packages/ember-simple-auth/tests/unit/session-stores/adaptive-test.js

@@ -95,18 +95,20 @@ module('AdaptiveStore', function(hooks) {
 
  store.setProperties({
  cookieName: 'test:session',
- cookieExpirationTime: 60
+ cookieExpirationTime: 60,
+ sameSite: 'Strict',
  });
  });
  await store.persist({ key: 'value' });
 
  assert.ok(cookieService.write.calledWith(
  'test:session-expiration_time',
  60,
- sinon.match(function({ domain, expires, path, secure }) {
+ sinon.match(function({ domain, expires, path, secure, sameSite }) {
  return domain === null &&
  path === '/' &&
- secure === false && expires >= new Date(now.getTime() + 60 * 1000);
+ secure === false && expires >= new Date(now.getTime() + 60 * 1000) &&
+ sameSite === 'Strict';
  })
  ));
  });