diff options
| author | Florian Pritz <bluewind@xinu.at> | 2022-01-09 11:31:26 +0100 |
|---|---|---|
| committer | Florian Pritz <bluewind@xinu.at> | 2022-01-09 11:31:26 +0100 |
| commit | 5fb561ed3d972659213de47cb67fdc094adfbc1e (patch) | |
| tree | febd9f7e45d93801c2207691532cad144a848179 /application/config | |
| parent | 82141c4baf5a1436b6eca8b1efa6e2bff3991179 (diff) | |
| parent | ad57720c57c11620c77181655d637a5bfdbe2643 (diff) | |
Merge remote-tracking branch 'upstream/3.1-stable' into dev
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/config')
| -rw-r--r-- | application/config/config.php | 13 | ||||
| -rw-r--r-- | application/config/mimes.php | 2 |
2 files changed, 11 insertions, 4 deletions
diff --git a/application/config/config.php b/application/config/config.php index ec15f6c2c..845e6b55c 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -13,9 +13,9 @@ defined('BASEPATH') OR exit('No direct script access allowed'); | | WARNING: You MUST set this value! | -| If it is not set, then CodeIgniter will try guess the protocol and path -| your installation, but due to security concerns the hostname will be set -| to $_SERVER['SERVER_ADDR'] if available, or localhost otherwise. +| If it is not set, then CodeIgniter will try to guess the protocol and +| path to your installation, but due to security concerns the hostname will +| be set to $_SERVER['SERVER_ADDR'] if available, or localhost otherwise. | The auto-detection mechanism exists only for convenience during | development and MUST NOT be used in production! | @@ -345,6 +345,10 @@ $config['encryption_key'] = ''; | | The session cookie name, must contain only [0-9a-z_-] characters | +| 'sess_samesite' +| +| Session cookie SameSite attribute: Lax (default), Strict or None +| | 'sess_expiration' | | The number of SECONDS you want the session to last. @@ -385,6 +389,7 @@ $config['encryption_key'] = ''; */ $config['sess_driver'] = 'database'; $config['sess_cookie_name'] = 'ci_session'; +$config['sess_samesite'] = 'Lax'; $config['sess_expiration'] = 7200; $config['sess_save_path'] = "ci_sessions"; $config['sess_match_ip'] = FALSE; @@ -401,6 +406,7 @@ $config['sess_regenerate_destroy'] = FALSE; | 'cookie_path' = Typically will be a forward slash | 'cookie_secure' = Cookie will only be set if a secure HTTPS connection exists. | 'cookie_httponly' = Cookie will only be accessible via HTTP(S) (no javascript) +| 'cookie_samesite' = Cookie's samesite attribute (Lax, Strict or None) | | Note: These settings (with the exception of 'cookie_prefix' and | 'cookie_httponly') will also affect sessions. @@ -411,6 +417,7 @@ $config['cookie_domain'] = ''; $config['cookie_path'] = '/'; $config['cookie_secure'] = FALSE; $config['cookie_httponly'] = FALSE; +$config['cookie_samesite'] = 'Lax'; /* |-------------------------------------------------------------------------- diff --git a/application/config/mimes.php b/application/config/mimes.php index f5407ff89..b2e989fea 100644 --- a/application/config/mimes.php +++ b/application/config/mimes.php @@ -162,7 +162,7 @@ return array( 'cdr' => array('application/cdr', 'application/coreldraw', 'application/x-cdr', 'application/x-coreldraw', 'image/cdr', 'image/x-cdr', 'zz-application/zz-winassoc-cdr'), 'wma' => array('audio/x-ms-wma', 'video/x-ms-asf'), 'jar' => array('application/java-archive', 'application/x-java-application', 'application/x-jar', 'application/x-compressed'), - 'svg' => array('image/svg+xml', 'application/xml', 'text/xml'), + 'svg' => array('image/svg+xml', 'image/svg', 'application/xml', 'text/xml'), 'vcf' => 'text/x-vcard', 'srt' => array('text/srt', 'text/plain'), 'vtt' => array('text/vtt', 'text/plain'), |