Project

General

Profile

Support #11134

Set samesite header for cookies correctly

Added by Marc Egger about 2 months ago. Updated about 1 month ago.

Status:
Priorize
Priority:
Normal
Assignee:
Target version:
Start date:
08.09.2020
Due date:
% Done:

0%

Estimated time:
Discuss:

Description

Firefox warnt, dass das qfq cookie bald abgelehnt wird, weil das samesite attribute nicht richtig gesetzt wurde.

Ab PHP 7.3 kann der default in php.ini festgelegt werden.

Todo:
  • Default samesite in QFQ setzen, allenfalls in den settings konfigurierbar machen

info zu samesite : "allows you to declare if your cookie should be restricted to a first-party or same-site context. " (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite)
samesite in php setzen : https://stackoverflow.com/a/51128675

Firefox warning : Cookie “qfq” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

History

#1 Updated by Marc Egger about 1 month ago

  • Status changed from New to Priorize

Also available in: Atom PDF