From 8e5d4d4708d42abdcf3a6a3dd79155ba1d4c90fe Mon Sep 17 00:00:00 2001 From: Rajat Jain Date: Tue, 6 Oct 2020 15:32:10 +0530 Subject: Use of SameSite=Strict MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Rajat Jain Update Config.php Polyfilled version fixes Signed-off-by: Rajat Jain Update libraries/classes/Config.php Co-authored-by: MaurĂ­cio Meneghini Fauth phpcs fixes samesite made as configuration directive bugfix, sets sameSite as global configuration directive CodeReviewed Changed config.rst IETF RFC link aded Version added Trailing whitespace fixed. RFC hyperlink added trailing whitespace
---
 libraries/config.default.php | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'libraries/config.default.php')
diff --git a/libraries/config.default.php b/libraries/config.default.php
index 2ee0c71a9b..e87e19b49f 100644
--- a/libraries/config.default.php
+++ b/libraries/config.default.php
@@ -776,6 +776,13 @@ $cfg['AllowUserDropDatabase'] = false;
 */
 $cfg['Confirm'] = true;
 
+/**
+ * sets SameSite attribute of the Set-Cookie HTTP response header
+ *
+ * @global boolean $cfg['CookieSameSite']
+ */
+ $cfg['CookieSameSite'] = 'Strict';
+
 /**
 * recall previous login in cookie authentication mode or not
 *
-- cgit v1.2.3
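Review bot: The added docblock declares `@global boolean $cfg['CookieSameSite']`, but the default assigned right below it is the string `'Strict'`, so the annotation should read `@global string $cfg['CookieSameSite']`. The comment would also be more useful if it named the accepted values, e.g. ` * sets SameSite attribute of the Set-Cookie HTTP response header; valid values are 'Lax', 'Strict' or 'None'`, because a mistyped value would presumably be copied into the cookie header as-is. The code that reads this directive is outside this hunk (the diff is limited to libraries/config.default.php), so it is worth confirming there that the value is checked against that allowlist and that `'None'` is only sent together with the `Secure` flag, since current browsers reject `SameSite=None` cookies without it. The assignment line also appears to carry a stray leading space before `$cfg`, unlike the neighbouring directives.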