Make sure to set secure flag when setting samesite none (#15676)

author: Thomas Steur <tsteur@users.noreply.github.com> 2020-03-11 12:14:18 +0300
committer: GitHub <noreply@github.com> 2020-03-11 12:14:18 +0300
commit: 4d6d716692daf0c2a32f58386e3fac4dd4cac98b (patch)
tree: 58f90df6f1ff705d5f4548ec492e91023cdbfc10 /core/Tracker/Request.php
parent: 4265f8e6508ecefe159d2e4b598d334639012ce0 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/core/Tracker/Request.php b/core/Tracker/Request.php
index 4054446a41..d35b538fc1 100644
--- a/core/Tracker/Request.php
+++ b/core/Tracker/Request.php
@@ -20,6 +20,7 @@ use Piwik\Network\IPUtils;
 use Piwik\Piwik;
 use Piwik\Plugins\CustomVariables\CustomVariables;
 use Piwik\Plugins\UsersManager\UsersManager;
+use Piwik\ProxyHttp;
 use Piwik\Tracker;
 use Piwik\Cache as PiwikCache;
 
@@ -686,7 +687,12 @@ class Request
         $cookie = $this->makeThirdPartyCookieUID();
         $idVisitor = bin2hex($idVisitor);
         $cookie->set(0, $idVisitor);
-        $cookie->save('None');
+        if (ProxyHttp::isHttps()) {
+            $cookie->setSecure(true);
+            $cookie->save('None');
+        } else {
+            $cookie->save('Lax');
+        }
 
         Common::printDebug(sprintf("We set the visitor ID to %s in the 3rd party cookie...", $idVisitor));
     }
author	Thomas Steur <tsteur@users.noreply.github.com>	2020-03-11 12:14:18 +0300
committer	GitHub <noreply@github.com>	2020-03-11 12:14:18 +0300
commit	4d6d716692daf0c2a32f58386e3fac4dd4cac98b (patch)
tree	58f90df6f1ff705d5f4548ec492e91023cdbfc10 /core/Tracker/Request.php
parent	4265f8e6508ecefe159d2e4b598d334639012ce0 (diff)