From 40b57dcda249d6d10066e910598d942615b1dd0f Mon Sep 17 00:00:00 2001
From: Denis Chenu
Date: Wed, 21 Oct 2020 16:52:08 +0200
Subject: [PATCH] Fixed issue #16769: Unable to embed in iframe (using config.php) for Chrome Dev: apply patch from Yii1 before Yii 1.1.23 Dev: see https://github.com/yiisoft/yii/pull/4313/files Dev: cherry-picked Dev: session can be set with samesite:None checked
---
 framework/web/CHttpSession.php | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/framework/web/CHttpSession.php b/framework/web/CHttpSession.php
index 473e098301a..c86343fc1b1 100644
--- a/framework/web/CHttpSession.php
+++ b/framework/web/CHttpSession.php
@@ -243,6 +243,7 @@ public function getCookieParams()
 * @param array $value cookie parameters, valid keys include: lifetime, path,
 * domain, secure, httponly. Note that httponly is all lowercase.
 * @see http://us2.php.net/manual/en/function.session-set-cookie-params.php
+ * @see patch from https://github.com/yiisoft/yii/pull/4313/files
 */
 public function setCookieParams($value)
 {
@@ -250,13 +251,26 @@ public function setCookieParams($value)
 extract($data);
 extract($value);
 $this->freeze();
- if(isset($httponly))
+ if(isset($httponly) && isset($samesite))
+ {
+ if(version_compare(PHP_VERSION,'7.3.0','>='))
+ session_set_cookie_params(array('lifetime'=>$lifetime,'path'=>$path,'domain'=>$domain,'secure'=>$secure,'httponly'=>$httponly,'samesite'=>$samesite));
+ else
+ {
+ // Work around for setting sameSite cookie prior PHP 7.3
+ // https://stackoverflow.com/questions/39750906/php-setcookie-samesite-strict/46971326#46971326
+ $path .= '; samesite=' . $samesite;
+ session_set_cookie_params($lifetime,$path,$domain,$secure,$httponly);
+ }
+ }
+ else if(isset($httponly))
 session_set_cookie_params($lifetime,$path,$domain,$secure,$httponly);
 else
 session_set_cookie_params($lifetime,$path,$domain,$secure);
 $this->unfreeze();
 }
 
+
 /**
 * @return string how to use cookie to store session ID. Defaults to 'Allow'.
 */
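Review bot: On the pre-7.3 branch `$samesite` is appended to the cookie path (`$path .= '; samesite=' . $samesite;`) with no validation, so any string the caller supplies ends up as raw attribute text in the Set-Cookie header. Checking it against the defined values just before the concatenation would close that, e.g. `if(!in_array(strtolower($samesite),array('lax','strict','none'),true)) throw new CException('Invalid samesite value');`. The `@param` docblock should also list `samesite` as a valid key and note that browsers accept SameSite=None only when `secure` is true, which matters for the iframe case this commit targets. setCookieParams begins above this hunk, so whether a path already carrying the suffix can come back from `session_get_cookie_params()` and be suffixed again on a later call should be confirmed against the full function.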