[Koha-bugs] [Bug 26019] Koha should set SameSite attribute on cookies
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Aug 5 16:50:47 CEST 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
Marcel de Rooy <m.de.rooy at rijksmuseum.nl> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |m.de.rooy at rijksmuseum.nl
--- Comment #2 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
Why wouldnt we add a preference like SameSiteCookie to include cookie names
that do not want to default to Lax ?
So e.g. SameSiteCookie = cookieA:None, cookieB:Strict
CookieA and CookieB should respond to the pref and the other ones default to
Lax? Which is becoming the behavior in most browsers? Or even add the fallback
in the pref itself?
We could add a wrapper around CGI->cookie to set it.
Koha::Cookie->new({ attributes })->generate ?
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list