Commit

Fix salesagility#10249 - cookies do not set samesite attribute required by current browsers

- uses php.ini for default value
- sets samesite attr to value in php ini or strict
- adds required samesite parameter
chris001 authored and jack7anderson7 committed Mar 12, 2024
1 parent 8735575 commit ff279b2
Showing 1 changed file with 14 additions and 2 deletions.
16 changes: 14 additions & 2 deletions include/MVC/SugarApplication.php
Expand Up @@ -781,6 +781,7 @@ protected static function validateMessageType($type)
* @param null $domain
* @param bool $secure
* @param bool $httponly
* @param string $samesite
*/
public static function setCookie(
$name,
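Review bot: The new docblock line `@param string $samesite` does not match the parameter's default of null; it should read `@param string|null $samesite`. It would also help to state the accepted values (Strict, Lax, None) and that null means "use session.cookie_samesite from php.ini, otherwise Strict", since that fallback is the behaviour callers will actually get.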
Expand All @@ -789,7 +790,8 @@ public static function setCookie(
$path = null,
$domain = null,
$secure = false,
$httponly = true
$httponly = true,
$samesite = null
) {
if (isSSL()) {
$secure = true;
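Review bot: In the signature, `$secure` still defaults to false and is only forced to true under `isSSL()`, so a caller passing `$samesite = 'None'` on a plain-HTTP request will emit a SameSite=None cookie without Secure, which current browsers reject. Consider either forcing `$secure = true` when `$samesite` is 'None' or downgrading to 'Lax' in that case, and note the constraint next to the new parameter.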
Expand All @@ -811,8 +813,18 @@ public static function setCookie(
}
}

$defaultCookieSameSite = ini_get('session.cookie_samesite');
if ($samesite === null) {
if(empty($defaultCookieSameSite)) {
$samesite = 'Strict';
} else {
$samesite = $defaultCookieSameSite;
}
}

if (!headers_sent()) {
setcookie($name, $value, $expire, $path, $domain, $secure, $httponly);
setcookie($name, $value, ['expires' => $expire, 'path' => $path, 'domain' => $domain,
'secure' => $secure, 'httponly' => $httponly, 'samesite' => $samesite]);
}

$_COOKIE[$name] = $value;
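Review bot: `$samesite` reaches `setcookie()` unchecked, whether it came from the caller or from `ini_get('session.cookie_samesite')`; normalise it and compare against an allow-list of Strict, Lax and None before building the options array, falling back to 'Strict' otherwise. The options-array form of `setcookie()` also requires PHP 7.3 or later, so if older runtimes are still supported this call needs a version guard or the minimum PHP version should be raised with the change. Falling back to 'Strict' when php.ini is empty means cookies set through this method are no longer sent on cross-site navigations into the application, which deserves a line in the release notes. Minor style: `if(empty($defaultCookieSameSite))` is missing the space after `if` used elsewhere in the method.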