From eb770fdc6d809bc7c28d499f897c0ab2c449f669 Mon Sep 17 00:00:00 2001
From: George Petculescu
Date: Sun, 28 Feb 2021 20:10:00 +0200
Subject: Initial implementation of samesite for CI_Input::set_cookie
---
application/config/config.php | 2 ++
1 file changed, 2 insertions(+)
(limited to 'application')
diff --git a/application/config/config.php b/application/config/config.php
index f92d11f5d..4ffd83352 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -385,6 +385,7 @@ $config['sess_regenerate_destroy'] = FALSE;
 | 'cookie_path' = Typically will be a forward slash
 | 'cookie_secure' = Cookie will only be set if a secure HTTPS connection exists.
 | 'cookie_httponly' = Cookie will only be accessible via HTTP(S) (no javascript)
+| 'cookie_samesite' = Cookie's samesite attribute (Lax, Strict or None)
 |
 | Note: These settings (with the exception of 'cookie_prefix' and
 | 'cookie_httponly') will also affect sessions.
@@ -396,6 +396,7 @@ $config['cookie_domain'] = '';
 $config['cookie_path'] = '/';
 $config['cookie_secure'] = FALSE;
 $config['cookie_httponly'] = FALSE;
+$config['cookie_samesite'] = 'lax';
 
 /*
 |--------------------------------------------------------------------------
-- cgit v1.2.3-24-g4f1b
From 2abda9049a8d006673204f56f4680526232b2360 Mon Sep 17 00:00:00 2001
From: George Petculescu
Date: Sun, 14 Mar 2021 01:56:30 +0200
Subject: Dropping the possibility that samesite cookie attribute won't be sent; defaults to Lax; all samesite values are ucfirst'ed; log for SameSite=None non-secure cookies
---
application/config/config.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'application')
diff --git a/application/config/config.php b/application/config/config.php
index 4ffd83352..596f8fefe 100644
--- a/application/config/config.php
+++ b/application/config/config.php
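Review bot: The new `'cookie_samesite'` comment line in the first hunk lists `None` as a valid value without saying that it depends on `cookie_secure`; current browsers reject a `SameSite=None` cookie that lacks the Secure attribute, and the second hunk keeps `$config['cookie_secure'] = FALSE` as the default directly above the new setting. I would extend the line to something like `| 'cookie_samesite' = Cookie's samesite attribute (Lax, Strict or None; None requires 'cookie_secure' = TRUE)`. The Note under the list still names only 'cookie_prefix' and 'cookie_httponly' as exceptions, so it now implies that `cookie_samesite` also applies to session cookies; the code that would show this is not part of this path-limited diff, so the Note should be confirmed or amended. The comment block begins above the hunk.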
@@ -396,7 +396,7 @@ $config['cookie_domain'] = '';
 $config['cookie_path'] = '/';
 $config['cookie_secure'] = FALSE;
 $config['cookie_httponly'] = FALSE;
-$config['cookie_samesite'] = 'lax';
+$config['cookie_samesite'] = 'Lax';
 
 /*
 |--------------------------------------------------------------------------
-- cgit v1.2.3-24-g4f1b