From 654e871a3923e79076818a9a03533fe88222c871 Mon Sep 17 00:00:00 2001
From: star7th
Date: Mon, 22 Nov 2021 20:22:29 +0800
Subject: [PATCH] =?UTF-8?q?Cookie=20security=20/Cookie=20=E5=AE=89?= =?UTF-8?q?=E5=85=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 server/index.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/server/index.php b/server/index.php
index 6f19bcc82..176d03cdc 100644
--- a/server/index.php
+++ b/server/index.php
@@ -8,6 +8,18 @@
 require './vendor/autoload.php';
 }
+// cookie安全,给PHPSESSID加上Strict
+if (PHP_VERSION_ID >= 70300) {
+ session_set_cookie_params([
+ 'samesite' => 'Strict'
+ ]);
+} else {
+ session_set_cookie_params(
+ NULL,
+ '/; samesite=Strict',
+ );
+}
+
 // 开启调试模式 建议开发阶段开启 部署阶段注释或者设为false
 define('APP_DEBUG',True);
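Review bot: The `else` branch breaks the very PHP versions it is written for: the trailing comma after `'/; samesite=Strict',` in the `session_set_cookie_params(` call is only legal from PHP 7.3, and since the file is parsed as a whole, older interpreters would reject server/index.php with a parse error before the `PHP_VERSION_ID` check ever runs. Dropping the comma fixes it: `session_set_cookie_params(NULL, '/; samesite=Strict');`. That fallback also replaces the configured session lifetime and path (it passes `NULL` and a fixed `/`), which deserves a one-line comment next to the call. As cookie hardening, the 7.3+ array sets only `samesite`; unless the ini settings (not visible here) already cover them, consider adding `'httponly' => true` and, on HTTPS-only deployments, `'secure' => true`.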