MantisBT: master ea80bcfb

Author: dregad
Committer: dregad
Branch: master
Timestamp: 2022-02-17 04:45
Parent: master 9090c6c3
Affected Issues  0029611: Cookies "SameSite" attribute triggers warnings in Firefox console
Changeset

Specify the SameSite attribute when setting cookies

This fixes the warnings caused by the SameSite attribute defaulting to
None that were displayed in the browser's console until now.

Changes in gpc_api.php:

  • gpc_set_cookie() has a new $p_samesite parameter, defaulting to null,
    meaning the value of $g_cookie_samesite config will be used.
  • gpc_clear_cookie() also gets $p_samesite parameter, and sets the
    cookie's value to 1 instead of '', to avoid console warnings
    "Cookie XXX has been rejected because it is already expired".

Changes in common.js / javascript_config.php (fixing the
MANTIS_collapse_settings cookie):

  • Expose configs cookie_samesite, cookie_path and cookie_domain
  • Set the SameSite attribute, domain and path when setting the cookie

Changes in session_api.php:

  • fixing the SameSite warnings for the PHP session cookie (PHPSESSID).

Note: in PHP < 7.3.0, the setcookie() function does not allow specifying
the SameSite attribute. To work around this limitation, this commit
implements a hack relying on PHP bug 69948 1.

Fixes 0029611

mod - core/gpc_api.php
mod - core/session_api.php
mod - javascript_config.php
mod - js/common.js
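
The client-side cookie handling the commit message describes for common.js (SameSite, path and domain taken from config), as an added JavaScript example that is not MantisBT's own code. The function names, the shape of the config object and the sample values are assumptions constructed for illustration; the builder also rejects `;` in the path and domain so that a config value cannot append attributes of its own.

```javascript
// Added example; buildCookie, buildClearCookie and SAMPLE_CFG are hypothetical names.
const SAMESITE_VALUES = ['Strict', 'Lax', 'None'];

// Constructed sample config, shaped like the three settings the commit exposes to JS.
const SAMPLE_CFG = { cookie_samesite: 'lax', cookie_path: '/mantis/', cookie_domain: '' };

// A ';' (or whitespace/control char) in an attribute value would end that
// attribute and let the value smuggle in further attributes, so refuse it.
function checkAttr(label, value) {
  if (/[;,\s\x00-\x1f\x7f]/.test(value)) {
    throw new Error(`invalid character in cookie ${label}`);
  }
  return value;
}

function buildCookie(name, value, cfg, opts = {}) {
  if (!/^[A-Za-z0-9_-]+$/.test(name)) throw new Error('invalid cookie name');
  // Normalise case and accept only the three defined SameSite values.
  const sameSite = SAMESITE_VALUES.find(
    (v) => v.toLowerCase() === String(cfg.cookie_samesite).toLowerCase());
  if (!sameSite) throw new Error('cookie_samesite must be Strict, Lax or None');
  const secure = Boolean(opts.secure);
  // Browsers reject SameSite=None cookies that are not also Secure.
  if (sameSite === 'None' && !secure) throw new Error('SameSite=None requires Secure');

  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (opts.maxAgeSeconds !== undefined) parts.push(`Max-Age=${Math.trunc(opts.maxAgeSeconds)}`);
  parts.push(`Path=${checkAttr('path', cfg.cookie_path || '/')}`);
  if (cfg.cookie_domain) parts.push(`Domain=${checkAttr('domain', cfg.cookie_domain)}`);
  parts.push(`SameSite=${sameSite}`);
  if (secure) parts.push('Secure');
  return parts.join('; ');
}

// Clearing has to repeat the same Path and Domain or the browser keeps the
// original cookie. The non-empty value mirrors the choice described for gpc_clear_cookie().
function buildClearCookie(name, cfg, opts = {}) {
  return buildCookie(name, '1', cfg, { ...opts, maxAgeSeconds: 0 });
}

// In a browser: document.cookie = buildCookie('MANTIS_collapse_settings', 'filter:1', SAMPLE_CFG);
```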