
github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
authorStefan Giehl <stefan@matomo.org>2022-02-14 19:43:46 +0300
committerGitHub <noreply@github.com>2022-02-14 19:43:46 +0300
commit34e226540e69ab4b6dd82a9024d72782e1ac058a (patch)
treef7297830e03cbf304efe9029390a07787a4094e3 /core
parent4350dfb18698f54f164a868c0cb6c41ed3a6e67f (diff)
Fix session timeouts in overlay session (#18648)
* Ensure samesite cookie attribute is set correctly for requests coming from overlay session * Don't fetch API.getPagesComparisonsDisabledFor on Overlay page * Check for explicit overlay requests * Adds valid host check * parse referer query * use UrlHelper::getArrayFromQueryString * Adds some tests for Overlay::isOverlayRequest * apply review feedback * built vue files Co-authored-by: sgiehl <sgiehl@users.noreply.github.com>
Diffstat (limited to 'core')
-rw-r--r--core/Session.php6
-rw-r--r--core/UrlHelper.php2
2 files changed, 5 insertions, 3 deletions
diff --git a/core/Session.php b/core/Session.php
index 641334676c..096914e6e0 100644
--- a/core/Session.php
+++ b/core/Session.php
@@ -11,6 +11,7 @@ namespace Piwik;
use Exception;
use Piwik\Container\StaticContainer;
use Piwik\Exception\MissingFilePermissionException;
+use Piwik\Plugins\Overlay\Overlay;
use Piwik\Session\SaveHandler\DbTable;
use Psr\Log\LoggerInterface;
use Zend_Session;
@@ -170,10 +171,11 @@ class Session extends Zend_Session
$module = Piwik::getModule();
$action = Piwik::getAction();
+ $method = Common::getRequestVar('method', '', 'string');
+ $referer = Url::getReferrer();
$isOptOutRequest = $module == 'CoreAdminHome' && $action == 'optOut';
- $isOverlay = $module == 'Overlay';
- $shouldUseNone = !empty($general['enable_framed_pages']) || $isOptOutRequest || $isOverlay;
+ $shouldUseNone = !empty($general['enable_framed_pages']) || $isOptOutRequest || Overlay::isOverlayRequest($module, $action, $method, $referer);
if ($shouldUseNone && ProxyHttp::isHttps()) {
return 'None';
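Review bot: The SameSite=None decision on the `$shouldUseNone` line now depends on `$method` and `$referer`, both taken straight from the request. The only thing that keeps the session cookie from being relaxed for arbitrary cross-site requests is therefore the validation inside `Overlay::isOverlayRequest()`, which is not visible in this hunk. The commit message mentions a valid-host check, so that contract should be stated where it is relied on, e.g. `// $method and $referer are client-supplied: isOverlayRequest() must verify the referer host is trusted before SameSite=None is returned`. The call also makes core `Session` depend on a plugin class, so it presumably has to keep working when the Overlay plugin is deactivated. The enclosing method starts and ends outside the hunk.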
diff --git a/core/UrlHelper.php b/core/UrlHelper.php
index 2a0fc4cb1d..94c8ff9d55 100644
--- a/core/UrlHelper.php
+++ b/core/UrlHelper.php
@@ -202,7 +202,7 @@ class UrlHelper
*/
public static function getArrayFromQueryString($urlQuery)
{
- if (strlen($urlQuery) == 0) {
+ if (empty($urlQuery)) {
return array();
}
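Review bot: `empty($urlQuery)` is also true for the string `'0'` (and for `0`, `false` and `[]`), so a query string consisting only of `0` now returns an empty array where the `strlen()` check used to let it through to parsing. If the intent was only to accept `null` without a warning, a narrower guard keeps the old behaviour for every non-empty string: `if ($urlQuery === null || $urlQuery === '') {`. The rest of getArrayFromQueryString lies outside the hunk, so how `'0'` was parsed before is not visible here.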