Project

General

Profile

Actions

Bug #11134

closed

Set samesite header for cookies correctly

Added by Marc Egger over 3 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Carsten Rose
Target version:
Start date:
08.09.2020
Due date:
07.12.2021
% Done:

0%

Estimated time:
Discuss:
Prio Planung:
Vote:

Description

Firefox warnt, dass das qfq cookie bald abgelehnt wird, weil das samesite attribute nicht richtig gesetzt wurde.

Ab PHP 7.3 kann der default in php.ini festgelegt werden.

Todo:
  • Default samesite in QFQ setzen, allenfalls in den settings konfigurierbar machen

info zu samesite : "allows you to declare if your cookie should be restricted to a first-party or same-site context. " (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite)
samesite in php setzen : https://stackoverflow.com/a/51128675

Firefox warning : Cookie “qfq” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Actions

Also available in: Atom PDF