bug #31475 [HttpFoundation] Allow set 'None' on samesite cookie flag (markitosgv)

This PR was merged into the 3.4 branch.

Discussion
----------

[HttpFoundation] Allow set 'None' on samesite cookie flag

Allow setting the samesite cookie flag to the 'None' value

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #31467
| License       | MIT

Google introduces a new Chrome policy, marking all cookies with no samesite flag set as 'Strict' by default. If you want to allow third-party cookies, you must set the samesite flag to None.

This PR fixes #31467, allowing the samesite Cookie flag to be set to None.

Commits
-------

8bac3d6fa3 Allow set 'None' on samesite cookie flag
Nicolas Grekas 2019-05-11 11:52:36 +02:00
commit 11f8a1e5c9
1 changed files with 2 additions and 1 deletions


@ -28,6 +28,7 @@ class Cookie
private $raw;
private $sameSite;
const SAMESITE_NONE = 'none';
const SAMESITE_LAX = 'lax';
const SAMESITE_STRICT = 'strict';
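Review bot: SAMESITE_NONE is added without any comment, and its value is lower-case 'none' while the PR text and title write 'None'. A one-line comment on the constant would help: say that input is lower-cased before comparison (the strtolower() call in the second hunk), and that of the three values this is the one that explicitly opts the cookie into being sent on cross-site requests, so callers pick it deliberately rather than as a default.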
@ -128,7 +129,7 @@ class Cookie
$sameSite = strtolower($sameSite);
}
if (!\in_array($sameSite, [self::SAMESITE_LAX, self::SAMESITE_STRICT, null], true)) {
if (!\in_array($sameSite, [self::SAMESITE_LAX, self::SAMESITE_STRICT, self::SAMESITE_NONE, null], true)) {
throw new \InvalidArgumentException('The "sameSite" parameter value is not valid.');
}
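Review bot: The widened in_array() check accepts self::SAMESITE_NONE, but nothing in this hunk relates that value to the cookie's secure flag, and the commit changes a single file, so no test covers the new value. Browsers that apply the Chrome policy described above reject SameSite=None cookies that lack the Secure attribute, so a cookie built this way over plain HTTP would be silently dropped. Throwing here would be a behaviour change on 3.4, so I would document the requirement on the $sameSite parameter instead, and add a test asserting that both 'None' and 'none' are accepted and that any other string still raises the InvalidArgumentException.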