Skip to content

Commit

Permalink
Restore old SameSite behavior if not HTTPS
Browse files Browse the repository at this point in the history
  • Loading branch information
fudgeu committed Oct 14, 2024
1 parent 4885c0a commit 7669ad9
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion fuel/app/config/config.php
Original file line number Diff line number Diff line change
Expand Up @@ -208,7 +208,7 @@
// Only transmit cookies over HTTP, disabling Javascript access
// 'http_only' => false,
// Samesite restrictions on cookie, options include Lax, Strict or None.
'same_site' => 'None',
'same_site' => (isset($_SERVER['HTTPS']) and $_SERVER['HTTPS']) ? 'None' : 'Strict',
),

/**
Expand Down
2 changes: 1 addition & 1 deletion fuel/app/config/session.php
Original file line number Diff line number Diff line change
Expand Up @@ -13,5 +13,5 @@
]
],
'expiration_time' => $_ENV['SESSION_EXPIRATION'] ?? null,
'cookie_same_site' => 'None',
'cookie_same_site' => (isset($_SERVER['HTTPS']) and $_SERVER['HTTPS']) ? 'None' : 'Strict',
];

0 comments on commit 7669ad9

Please sign in to comment.