Use of SameSite=Strict

Signed-off-by: Rajat Jain <rajatjain.ix@gmail.com> Update Config.php Polyfilled version fixes Signed-off-by: Rajat Jain <rajatjain.ix@gmail.com> Update libraries/classes/Config.php Co-authored-by: Maurício Meneghini Fauth <mauricio@fauth.dev> phpcs fixes samesite made as configuration directive bugfix, sets sameSite as global configuration directive CodeReviewed Changed config.rst IETF RFC link aded Version added Trailing whitespace fixed. RFC hyperlink added trailing whitespace
author: Rajat Jain <rajatjain.ix@gmail.com> 2020-10-06 13:02:10 +0300
committer: Rajat Jain <rajatjain.ix@gmail.com> 2020-10-17 14:06:31 +0300
commit: 8e5d4d4708d42abdcf3a6a3dd79155ba1d4c90fe (patch)
tree: 4e962a8d97bb98995d72254187364b19c0f3bbbf /libraries/config.default.php
parent: 0cad95a5de557d06339725df39513af2e9e4c089 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/libraries/config.default.php b/libraries/config.default.php
index 2ee0c71a9b..e87e19b49f 100644
--- a/libraries/config.default.php
+++ b/libraries/config.default.php
@@ -777,6 +777,13 @@ $cfg['AllowUserDropDatabase'] = false;
 $cfg['Confirm'] = true;
 
 /**
+ * sets SameSite attribute of the Set-Cookie HTTP response header
+ *
+ * @global boolean $cfg['CookieSameSite']
+ */
+ $cfg['CookieSameSite'] = 'Strict';
+
+/**
  * recall previous login in cookie authentication mode or not
  *
  * @global boolean $cfg['LoginCookieRecall']
author	Rajat Jain <rajatjain.ix@gmail.com>	2020-10-06 13:02:10 +0300
committer	Rajat Jain <rajatjain.ix@gmail.com>	2020-10-17 14:06:31 +0300
commit	8e5d4d4708d42abdcf3a6a3dd79155ba1d4c90fe (patch)
tree	4e962a8d97bb98995d72254187364b19c0f3bbbf /libraries/config.default.php
parent	0cad95a5de557d06339725df39513af2e9e4c089 (diff)