diff options
author | Thomas Steur <tsteur@users.noreply.github.com> | 2020-03-11 12:14:18 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-11 12:14:18 +0300 |
commit | 4d6d716692daf0c2a32f58386e3fac4dd4cac98b (patch) | |
tree | 58f90df6f1ff705d5f4548ec492e91023cdbfc10 | |
parent | 4265f8e6508ecefe159d2e4b598d334639012ce0 (diff) |
Make sure to set secure flag when setting samesite none (#15676)
-rw-r--r-- | core/Tracker/Request.php | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/core/Tracker/Request.php b/core/Tracker/Request.php index 4054446a41..d35b538fc1 100644 --- a/core/Tracker/Request.php +++ b/core/Tracker/Request.php @@ -20,6 +20,7 @@ use Piwik\Network\IPUtils; use Piwik\Piwik; use Piwik\Plugins\CustomVariables\CustomVariables; use Piwik\Plugins\UsersManager\UsersManager; +use Piwik\ProxyHttp; use Piwik\Tracker; use Piwik\Cache as PiwikCache; @@ -686,7 +687,12 @@ class Request $cookie = $this->makeThirdPartyCookieUID(); $idVisitor = bin2hex($idVisitor); $cookie->set(0, $idVisitor); - $cookie->save('None'); + if (ProxyHttp::isHttps()) { + $cookie->setSecure(true); + $cookie->save('None'); + } else { + $cookie->save('Lax'); + } Common::printDebug(sprintf("We set the visitor ID to %s in the 3rd party cookie...", $idVisitor)); } |