Project

General

Profile

Bug #11134

Set samesite header for cookies correctly

Added by Marc Egger 4 months ago. Updated 2 months ago.

Status:
Priorize
Priority:
Normal
Assignee:
Target version:
Start date:
08.09.2020
Due date:
% Done:

0%

Estimated time:
Discuss:

Description

Firefox warnt, dass das qfq cookie bald abgelehnt wird, weil das samesite attribute nicht richtig gesetzt wurde.

Ab PHP 7.3 kann der default in php.ini festgelegt werden.

Todo:
  • Default samesite in QFQ setzen, allenfalls in den settings konfigurierbar machen

info zu samesite : "allows you to declare if your cookie should be restricted to a first-party or same-site context. " (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite)
samesite in php setzen : https://stackoverflow.com/a/51128675

Firefox warning : Cookie “qfq” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

#1

Updated by Marc Egger 4 months ago

  • Status changed from New to Priorize
#2

Updated by Carsten Rose 2 months ago

  • Tracker changed from Support to Bug

Also available in: Atom PDF