diff --git a/fuel/app/config/config.php b/fuel/app/config/config.php
index 491b05d83..a881c83ed 100644
--- a/fuel/app/config/config.php
+++ b/fuel/app/config/config.php
@@ -208,7 +208,7 @@
 // Only transmit cookies over HTTP, disabling Javascript access
 // 'http_only' => false,
 // Samesite restrictions on cookie, options include Lax, Strict or None.
- 'same_site' => 'None',
+ 'same_site' => (isset($_SERVER['HTTPS']) and $_SERVER['HTTPS']) ? 'None' : 'Strict',
 ),
 /**
diff --git a/fuel/app/config/session.php b/fuel/app/config/session.php
index 454fccb1b..d683a7f66 100644
--- a/fuel/app/config/session.php
+++ b/fuel/app/config/session.php
@@ -13,5 +13,5 @@
 ]
 ],
 'expiration_time' => $_ENV['SESSION_EXPIRATION'] ?? null,
- 'cookie_same_site' => 'None',
+ 'cookie_same_site' => (isset($_SERVER['HTTPS']) and $_SERVER['HTTPS']) ? 'None' : 'Strict',
 ];
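Review bot: The new `same_site` value in fuel/app/config/config.php (and the identical `cookie_same_site` expression in fuel/app/config/session.php) is chosen on the truthiness of `$_SERVER['HTTPS']`, which is the non-empty string `off` under IIS/ISAPI for plain-HTTP requests and is usually unset when TLS is terminated at a proxy or load balancer in front of PHP. In the first case the cookie is issued as SameSite=None over plain HTTP, and in the second an HTTPS deployment silently falls back to Strict. A tighter test would be `'same_site' => (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'None' : 'Strict',`, or an explicit deployment setting if a proxy is involved. The cookie's `secure` flag is not visible in these hunks; browsers accept SameSite=None only together with Secure, so it should follow the same condition. Both config arrays start and end outside the hunks.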