From d9218efec1d89e9d633b73f367bcc7b676400621 Mon Sep 17 00:00:00 2001 From: George Petculescu Date: Tue, 16 Nov 2021 02:18:40 +0200 Subject: [ci skip] Merge pull request #6071 from ddonatek/patch-1 Added another SVG mimetype --- application/config/mimes.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'application/config') diff --git a/application/config/mimes.php b/application/config/mimes.php index f5407ff89..b2e989fea 100644 --- a/application/config/mimes.php +++ b/application/config/mimes.php @@ -162,7 +162,7 @@ return array( 'cdr' => array('application/cdr', 'application/coreldraw', 'application/x-cdr', 'application/x-coreldraw', 'image/cdr', 'image/x-cdr', 'zz-application/zz-winassoc-cdr'), 'wma' => array('audio/x-ms-wma', 'video/x-ms-asf'), 'jar' => array('application/java-archive', 'application/x-java-application', 'application/x-jar', 'application/x-compressed'), - 'svg' => array('image/svg+xml', 'application/xml', 'text/xml'), + 'svg' => array('image/svg+xml', 'image/svg', 'application/xml', 'text/xml'), 'vcf' => 'text/x-vcard', 'srt' => array('text/srt', 'text/plain'), 'vtt' => array('text/vtt', 'text/plain'), -- cgit v1.2.3-24-g4f1b From 4362b7d9f39189472950589ce47a483b6025f5e9 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 5 Jan 2022 17:52:40 +0200 Subject: Merge pull request #6025 from gxgpet/develop SameSite attribute implementation for CI_Input::set_cookie --- application/config/config.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'application/config') diff --git a/application/config/config.php b/application/config/config.php index 9ab8248e3..161b95699 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -397,6 +397,7 @@ $config['sess_regenerate_destroy'] = FALSE; | 'cookie_path' = Typically will be a forward slash | 'cookie_secure' = Cookie will only be set if a secure HTTPS connection exists. | 'cookie_httponly' = Cookie will only be accessible via HTTP(S) (no javascript) +| 'cookie_samesite' = Cookie's samesite attribute (Lax, Strict or None) | | Note: These settings (with the exception of 'cookie_prefix' and | 'cookie_httponly') will also affect sessions. @@ -407,6 +408,7 @@ $config['cookie_domain'] = ''; $config['cookie_path'] = '/'; $config['cookie_secure'] = FALSE; $config['cookie_httponly'] = FALSE; +$config['cookie_samesite'] = 'Lax'; /* |-------------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 1a2651040ef701e750b1c13cd69cc70814b079d0 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 5 Jan 2022 18:52:24 +0200 Subject: Add SameSite cookie support to Session library --- application/config/config.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'application/config') diff --git a/application/config/config.php b/application/config/config.php index 161b95699..ee599c7aa 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -341,6 +341,10 @@ $config['encryption_key'] = ''; | | The session cookie name, must contain only [0-9a-z_-] characters | +| 'sess_samesite' +| +| Session cookie SameSite attribute: Lax (default), Strict or None +| | 'sess_expiration' | | The number of SECONDS you want the session to last. @@ -381,6 +385,7 @@ $config['encryption_key'] = ''; */ $config['sess_driver'] = 'files'; $config['sess_cookie_name'] = 'ci_session'; +$config['sess_samesite'] = 'Lax'; $config['sess_expiration'] = 7200; $config['sess_save_path'] = NULL; $config['sess_match_ip'] = FALSE; -- cgit v1.2.3-24-g4f1b From b8445bf3f5ac18b6325e1205e068a24d80a19307 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 5 Jan 2022 20:57:43 +0200 Subject: [ci skip] Merge pull request #5690 from Lohith94/develop Corrected some grammar --- application/config/config.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'application/config') diff --git a/application/config/config.php b/application/config/config.php index ee599c7aa..1abe32c00 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -13,9 +13,9 @@ defined('BASEPATH') OR exit('No direct script access allowed'); | | WARNING: You MUST set this value! | -| If it is not set, then CodeIgniter will try guess the protocol and path -| your installation, but due to security concerns the hostname will be set -| to $_SERVER['SERVER_ADDR'] if available, or localhost otherwise. +| If it is not set, then CodeIgniter will try to guess the protocol and +| path your installation, but due to security concerns the hostname will +| be set to $_SERVER['SERVER_ADDR'] if available, or localhost otherwise. | The auto-detection mechanism exists only for convenience during | development and MUST NOT be used in production! | -- cgit v1.2.3-24-g4f1b From b8ad8411998b028f829db4231b3ef1db0eef8813 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 5 Jan 2022 20:59:30 +0200 Subject: [ci skip] Another minor grammar correction following #5690 --- application/config/config.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'application/config') diff --git a/application/config/config.php b/application/config/config.php index 1abe32c00..35ace5cc9 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -13,8 +13,8 @@ defined('BASEPATH') OR exit('No direct script access allowed'); | | WARNING: You MUST set this value! | -| If it is not set, then CodeIgniter will try to guess the protocol and -| path your installation, but due to security concerns the hostname will +| If it is not set, then CodeIgniter will try to guess the protocol and +| path to your installation, but due to security concerns the hostname will | be set to $_SERVER['SERVER_ADDR'] if available, or localhost otherwise. | The auto-detection mechanism exists only for convenience during | development and MUST NOT be used in production! -- cgit v1.2.3-24-g4f1b