pschinis · ardeshireshghi · Feb 17, 2020
diff --git a/lib/rails_same_site_cookie/configuration.rb b/lib/rails_same_site_cookie/configuration.rb
@@ -1,9 +1,11 @@
 module RailsSameSiteCookie
   class Configuration
     attr_accessor :user_agent_regex
+    attr_accessor :user_filter
 
     def initialize
       @user_agent_regex = nil
+      @user_filter = nil
     end
   end
-end
+end
diff --git a/lib/rails_same_site_cookie/middleware.rb b/lib/rails_same_site_cookie/middleware.rb
@@ -12,8 +12,7 @@ def initialize(app)
     def call(env)
       status, headers, body = @app.call(env)
 
-      regex = RailsSameSiteCookie.configuration.user_agent_regex
-      if headers['Set-Cookie'].present? and (regex.nil? or regex.match(env['HTTP_USER_AGENT']))
+      if should_intercept?(env, headers)
         parser = UserAgentChecker.new(env['HTTP_USER_AGENT'])
         if parser.send_same_site_none?
           cookies = headers['Set-Cookie'].split(COOKIE_SEPARATOR)
@@ -38,5 +37,16 @@ def call(env)
       [status, headers, body]
     end
 
+    private
+
+    def should_intercept?(env, headers)
+      regex = RailsSameSiteCookie.configuration.user_agent_regex
+      user_filter = RailsSameSiteCookie.configuration.user_filter
+      result = headers['Set-Cookie'].present? && (regex.nil? || regex.match(env['HTTP_USER_AGENT']))
+
+      return result unless user_filter.respond_to?(:call)
+      result && user_filter.call(env)
+    end
+
   end
-end
+end
diff --git a/lib/rails_same_site_cookie/version.rb b/lib/rails_same_site_cookie/version.rb
@@ -1,3 +1,3 @@
 module RailsSameSiteCookie
-  VERSION = "0.1.5"
+  VERSION = "0.2.0"
 end
diff --git a/spec/middleware_spec.rb b/spec/middleware_spec.rb
@@ -29,11 +29,35 @@
       end
     end
 
+    context "when configured with user filter" do
+
+      before(:each) do
+        RailsSameSiteCookie.configure do |config|
+          config.user_agent_regex = nil
+          config.user_filter = lambda { |env| !env['IS-MOBILE-APPLICATION'].present? }
+        end
+      end
+
+      context "when user filter returns true" do
+        it "adds SameSite=None to cookies for all requests" do
+          response = request.post("/some/path", 'HTTP_USER_AGENT' => '', 'IS-MOBILE-APPLICATION' => false)
+          expect(response['Set-Cookie']).to match(/;\s*samesite=none/i)
+        end
+      end
+
+      context "when user filter returns false" do
+        it "doesn't add SameSite=None if request is missing regex" do
+          response = request.post("/some/path", 'HTTP_USER_AGENT' => '', 'IS-MOBILE-APPLICATION' => true)
+          expect(response['Set-Cookie']).not_to match(/;\s*samesite=none/i)
+        end
+      end
+    end
+
     it "adds SameSite=None to cookies for all requests" do
       response = request.post("/some/path", 'HTTP_USER_AGENT' => '')
       expect(response['Set-Cookie']).to match(/;\s*samesite=none/i)
     end
 
   end
 
-end
+end