
github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
authorThomas Steur <tsteur@users.noreply.github.com>2020-02-25 02:10:49 +0300
committerGitHub <noreply@github.com>2020-02-25 02:10:49 +0300
commiteefe2eb94ecb0398eddb2efc2a927f6c105c3537 (patch)
tree054f3d8a977a4728c9a01985b3a875693980d6d1 /core
parent787d9d928b5ebc91869b19965c9ebb3dbaec2cee (diff)
Set samesite lax instead of None if site is not on https (#15604)
fix https://github.com/matomo-org/matomo/issues/15598
Diffstat (limited to 'core')
-rw-r--r--core/Cookie.php22
1 files changed, 12 insertions, 10 deletions
diff --git a/core/Cookie.php b/core/Cookie.php
index 26cbfe6a3f..6cecd6de53 100644
--- a/core/Cookie.php
+++ b/core/Cookie.php
@@ -441,16 +441,18 @@ class Cookie
$sameSite = ucfirst(strtolower($default));
if ($sameSite == 'None') {
- $userAgent = Http::getUserAgent();
- $ddFactory = StaticContainer::get(\Piwik\DeviceDetector\DeviceDetectorFactory::class);
- $deviceDetector = $ddFactory->makeInstance($userAgent);
- $deviceDetector->parse();
-
- $browserFamily = \DeviceDetector\Parser\Client\Browser::getBrowserFamily($deviceDetector->getClient('short_name'));
- if ((!ProxyHttp::isHttps()) && $browserFamily === 'Chrome') {
- $sameSite = 'Lax';
- } else if ($browserFamily === 'Safari') {
- $sameSite = '';
+ if ((!ProxyHttp::isHttps())) {
+ $sameSite = 'Lax'; // None can be only used when secure flag will be set
+ } else {
+ $userAgent = Http::getUserAgent();
+ $ddFactory = StaticContainer::get(\Piwik\DeviceDetector\DeviceDetectorFactory::class);
+ $deviceDetector = $ddFactory->makeInstance($userAgent);
+ $deviceDetector->parse();
+
+ $browserFamily = \DeviceDetector\Parser\Client\Browser::getBrowserFamily($deviceDetector->getClient('short_name'));
+ if ($browserFamily === 'Safari') {
+ $sameSite = '';
+ }
}
}
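Review bot: The new `if ((!ProxyHttp::isHttps()))` branch ties the SameSite value to the request scheme, but nothing visible in this hunk guarantees that the code emitting the cookie sets `Secure` under the same condition. If the two checks ever disagree (for example behind a TLS-terminating proxy), the result would presumably be either a `SameSite=None` cookie without `Secure`, which current browsers reject, or an unnecessary downgrade to `Lax`. I would expand the inline comment to name that dependency, e.g. `// SameSite=None is only honoured together with Secure; keep this condition in sync with where the Secure flag is written`, and mention that on plain-HTTP installs the cookie is no longer sent in cross-site contexts. The doubled parentheses can also go: `if (!ProxyHttp::isHttps()) {`. The enclosing method starts and ends outside the hunk, so how `$sameSite` is consumed is not visible here.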