github-mirror/framework
github-mirror/framework
2
0
Fork 0
mirror of https://github.com/flarum/framework.git synced 2025-03-10 20:31:24 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixes #2157, Explicitly set SameSite value for cookies (#2159)

Browse Source 
* Fixes #2157, Explicitly set SameSite value for cookies by making samesite a config option in config.php. Also contains an update for the cookie library dependency
This commit is contained in:
Matt Kilgore 2020-06-03 22:53:30 -04:00 committed by GitHub
parent 42a9300a9d
commit 07b9866cfb
2 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
framework/core/composer.json
View File

@ -38,7 +38,7 @@
"php": ">=7.2", "php": ">=7.2",
"axy/sourcemap": "^0.1.4", "axy/sourcemap": "^0.1.4",
"components/font-awesome": "5.9.*", "components/font-awesome": "5.9.*",
"dflydev/fig-cookies": "^1.0.2", "dflydev/fig-cookies": "^2.0.1",
"doctrine/dbal": "^2.7", "doctrine/dbal": "^2.7",
"franzl/whoops-middleware": "^0.4.0", "franzl/whoops-middleware": "^0.4.0",
"illuminate/bus": "5.8.*", "illuminate/bus": "5.8.*",

12
framework/core/src/Http/CookieFactory.php
View File

@ -9,6 +9,7 @@
namespace Flarum\Http; namespace Flarum\Http;
use Dflydev\FigCookies\Modifier\SameSite;
use Dflydev\FigCookies\SetCookie; use Dflydev\FigCookies\SetCookie;
use Flarum\Foundation\Application; use Flarum\Foundation\Application;
use Illuminate\Support\Arr; use Illuminate\Support\Arr;
@ -43,6 +44,13 @@ class CookieFactory
*/ */
protected $secure; protected $secure;
/**
* Same Site cookie value.
*
* @var string
*/
protected $samesite;
/** /**
* @param Application $app * @param Application $app
*/ */
@ -56,6 +64,7 @@ class CookieFactory
$this->path = $app->config('cookie.path', Arr::get($url, 'path') ?: '/'); $this->path = $app->config('cookie.path', Arr::get($url, 'path') ?: '/');
$this->domain = $app->config('cookie.domain'); $this->domain = $app->config('cookie.domain');
$this->secure = $app->config('cookie.secure', Arr::get($url, 'scheme') === 'https'); $this->secure = $app->config('cookie.secure', Arr::get($url, 'scheme') === 'https');
$this->samesite = $app->config('cookie.samesite');
} }
/** /**
@ -85,6 +94,9 @@ class CookieFactory
$cookie = $cookie->withDomain($this->domain); $cookie = $cookie->withDomain($this->domain);
} }
// Explicitly set SameSite value, use sensible default if no value provided
$cookie = $cookie->withSameSite(SameSite::{$this->samesite ?? 'lax'}());
return $cookie return $cookie
->withPath($this->path) ->withPath($this->path)
->withSecure($this->secure) ->withSecure($this->secure)