[NFR]: Cookies - SameSite #14627

Closed
Brett-Bullard opened this issue Dec 16, 2019 · 3 comments
@Brett-Bullard Brett-Bullard commented Dec 16, 2019

Is your feature request related to a problem? Please describe.
Chrome currently throws this error on cookies set with Phalcon:

"A cookie associated with a resource at was set with SameSite=None but without Secure. A future release of Chrome will only deliver cookies marked SameSite=None if they are also marked Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at ."

It appears that the future release they are referring to is Chrome 80; I believe 79 is out now. Additionally, the ability to set the samesite attribute on your cookies is a way to prevent CSRF.

Describe the solution you'd like
I would like to see Phalcon's $cookie->set method support more options, but especially the samesite attribute.

Describe alternatives you've considered
The alternative method would be to rip out Phalcon's cookie management and use PHP's native one.

Additional context
Add any other context or screenshots about the feature request here.

@niden niden changed the title [NFR]: [NFR]: Cookies - SameSite Dec 16, 2019
@niden niden mentioned this issue Dec 16, 2019
5 of 5 tasks complete
@niden niden added this to To do in 4.1 Release via automation Dec 16, 2019
@niden niden added the 4.1.0 label Dec 16, 2019
@ruudboon ruudboon closed this Dec 18, 2019
4.1 Release automation moved this from To do to Done Dec 18, 2019
@ruudboon ruudboon reopened this Dec 18, 2019
4.1 Release automation moved this from Done to In progress Dec 18, 2019
@ruudboon ruudboon added this to Backlog in Phalcon Roadmap Dec 24, 2019
@niden niden removed this from In progress in 4.1 Release Dec 24, 2019

@ruudboon ruudboon commented Jan 2, 2020

@niden I'm a bit lost in this one. I think it's fixed in the 4.0.x branch and will be part of the 4.0.1 release, right?


@niden niden commented Jan 2, 2020

This one is a bit tricky. It needs a bit of work to be fixed but will not work for PHP 7.2 unless we break the interface (bc compatible).

This is because setcookie in PHP 7.3 can accept the samesite as an option in the third parameter of setcookie - an option that does not exist in earlier PHP versions.

I think we can fix it for 7.3 now and since we will be removing 7.2 in the near future we will be ok. Plus the HTTP layer will be rewritten so not a huge problem there.
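
The PHP version split described in the comment above, as an added example that is not part of the original thread and is not Phalcon's code. The helper name `sendSameSiteCookie` and its defaults are assumptions; on PHP older than 7.3 it builds the `Set-Cookie` header by hand because `setcookie` has no samesite option there.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not Phalcon's API): send a cookie with a SameSite
// attribute on PHP 7.3+ and on older PHP versions.
function sendSameSiteCookie(string $name, string $value, array $opts = []): bool
{
    // Assumed defaults for this example; caller-supplied keys win.
    $opts += ['expires' => 0, 'path' => '/', 'domain' => '',
              'secure' => true, 'httponly' => true, 'samesite' => 'Lax'];

    $sameSite = ucfirst(strtolower((string) $opts['samesite']));
    if (!in_array($sameSite, ['Strict', 'Lax', 'None'], true)) {
        throw new InvalidArgumentException('samesite must be Strict, Lax or None');
    }
    // The Chrome warning quoted in the issue: SameSite=None without Secure
    // will stop being delivered, so refuse to emit that combination.
    if ($sameSite === 'None' && !$opts['secure']) {
        throw new InvalidArgumentException('SameSite=None requires Secure');
    }
    $opts['samesite'] = $sameSite;

    if (PHP_VERSION_ID >= 70300) {
        // PHP 7.3+: the third argument may be an options array with samesite.
        return setcookie($name, $value, $opts);
    }

    // PHP < 7.3: build the header manually. Reject separator characters so a
    // name, path or domain cannot smuggle extra attributes into the header.
    foreach ([$name, (string) $opts['path'], (string) $opts['domain']] as $part) {
        if (strpbrk($part, "=,; \t\r\n") !== false) {
            throw new InvalidArgumentException('invalid character in cookie field');
        }
    }
    $header = 'Set-Cookie: ' . $name . '=' . rawurlencode($value);
    if ($opts['expires'] > 0) {
        $header .= '; Expires=' . gmdate('D, d M Y H:i:s', (int) $opts['expires']) . ' GMT';
    }
    $header .= '; Path=' . $opts['path'];
    $header .= $opts['domain'] !== '' ? '; Domain=' . $opts['domain'] : '';
    $header .= $opts['secure'] ? '; Secure' : '';
    $header .= $opts['httponly'] ? '; HttpOnly' : '';
    $header .= '; SameSite=' . $sameSite;
    header($header, false); // false: append, do not replace other cookies
    return !headers_sent();
}

// Constructed usage: a session cookie that is not sent on cross-site requests.
// sendSameSiteCookie('session', 'constructed-value', ['samesite' => 'Strict']);
```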

@niden niden self-assigned this Jan 2, 2020
@niden niden moved this from Backlog to Current Sprint (Ends January 10th) in Phalcon Roadmap Jan 2, 2020
niden added a commit to niden/cphalcon that referenced this issue Jan 5, 2020
@niden niden mentioned this issue Jan 5, 2020
4 of 5 tasks complete
@niden niden moved this from Current Sprint (Ends January 10th) to Working on it in Phalcon Roadmap Jan 5, 2020
@niden niden added the documentation label Jan 5, 2020
niden added a commit that referenced this issue Jan 5, 2020

@niden niden commented Jan 5, 2020

Resolved in #14683

@niden niden closed this Jan 5, 2020
Phalcon Roadmap automation moved this from Working on it to Implemented Jan 5, 2020
niden added a commit to niden/cphalcon that referenced this issue Jan 6, 2020
@niden niden removed the documentation label Jan 11, 2020
@niden niden moved this from Implemented to Released in Phalcon Roadmap Jan 11, 2020
niden added a commit to niden/cphalcon that referenced this issue Jan 17, 2020