Use of SameSite=Strict by rajat315315 · Pull Request #16386 · phpmyadmin/phpmyadmin

rajat315315 · 2020-10-06T10:03:39Z

Signed-off-by: Rajat Jain rajatjain.ix@gmail.com

Description

Added new cookie parameter SameSite=Strict.

Fixes #16316

Before submitting pull request, please review the following checklist:

Make sure you have read our CONTRIBUTING.md document.
Make sure you are making a pull request against the correct branch. For example, for bug fixes in a released version use the corresponding QA branch and for new features use the master branch. If you have a doubt, you can ask as a comment in the bug report or on the mailing list.
Every commit has proper Signed-off-by line as described in our DCO. This ensures that the work you're submitting is your own creation.
Every commit has a descriptive commit message.
Every commit is needed on its own, if you have just minor fixes to previous commits, you can squash them.
Any new functionality is covered by tests.

williamdes

LGTM

rajat315315

@MauricioFauth is it better now?

rajat315315 · 2020-10-09T06:03:39Z

@MauricioFauth is it better?

rajat315315 · 2020-10-09T11:10:58Z

Just a request..
Can we add hacktoberfest-accepted label to PR if it gets merged?

MauricioFauth · 2020-10-09T12:32:41Z

+                'domain' => '',
+                'secure' => $this->isHttps(),
+                'httponly' => $httponly,
+                'samesite' => 'Strict',


I'm not really sure if it's a good idea to hard-code the Strict value. Maybe we could use a configuration directive and use Strict by default. What do you think @williamdes?

I agree, this is a better idea.

@rajat315315 Could you do this change?

MauricioFauth · 2020-10-09T12:41:14Z

Can we add hacktoberfest-accepted label to PR if it gets merged?

All pull requests for this repository are valid for Hacktoberfest. Don't need to add the hacktoberfest-accepted label. 😉

MauricioFauth · 2020-10-09T12:42:47Z

@rajat315315 Could you please fix the errors found by phpcs?
https://travis-ci.org/github/phpmyadmin/phpmyadmin/jobs/734257860#L434

rajat315315 · 2020-10-10T13:54:16Z

Done.

rajat315315 · 2020-10-14T06:44:03Z

So, I have made samesite as a configuration directive and force-pushed.

williamdes · 2020-10-14T07:08:13Z

Hi @rajat315315
I appreciate your contribution :)
Could you look at #16406 to add a configuration option?

rajat315315 · 2020-10-14T07:11:32Z

Oh, ok.. got it!
Sorry, I mis-understood a bit.

rajat315315 · 2020-10-14T07:19:20Z

Is it better?

MauricioFauth

You should add this configuration to the documentation as well.

williamdes

LGTM for now, missing some documentation :)

rajat315315 · 2020-10-14T09:20:13Z

Do I need to make changes to doc/config.rst ?

williamdes · 2020-10-14T09:52:47Z

Do I need to make changes to doc/config.rst ?

Yes, please

this will solve

You should add this configuration to the documentation as well.

rajat315315 · 2020-10-14T17:57:56Z

Done.

Signed-off-by: Rajat Jain <rajatjain.ix@gmail.com> Update Config.php Polyfilled version fixes Signed-off-by: Rajat Jain <rajatjain.ix@gmail.com> Update libraries/classes/Config.php Co-authored-by: Maurício Meneghini Fauth <mauricio@fauth.dev> phpcs fixes samesite made as configuration directive bugfix, sets sameSite as global configuration directive CodeReviewed Changed config.rst IETF RFC link aded Version added Trailing whitespace fixed. RFC hyperlink added trailing whitespace

williamdes

💯

williamdes · 2020-11-01T21:51:46Z

I improved the documentation with ce6bd5b
(valid values is more used in the documentation)

Pull-request: #16577 Fixes: #16544 Signed-off-by: William Desportes <williamdes@wdes.fr>

rajat315315 force-pushed the fix-16316 branch 2 times, most recently from 57175b2 to 5f66225 Compare October 6, 2020 11:09

williamdes added this to the 5.1.0 milestone Oct 6, 2020

williamdes approved these changes Oct 6, 2020

View reviewed changes

williamdes requested a review from MauricioFauth October 6, 2020 13:34

MauricioFauth requested changes Oct 8, 2020

View reviewed changes

Comment thread libraries/classes/Config.php Outdated

Comment thread libraries/classes/Config.php Outdated

rajat315315 commented Oct 8, 2020

View reviewed changes

Comment thread libraries/classes/Config.php Outdated

rajat315315 force-pushed the fix-16316 branch from 2ae4a64 to 7bd4d25 Compare October 9, 2020 06:03

rajat315315 force-pushed the fix-16316 branch from 7bd4d25 to 3fa7ba5 Compare October 9, 2020 07:16

MauricioFauth requested changes Oct 9, 2020

View reviewed changes

Comment thread libraries/classes/Config.php Outdated

rajat315315 force-pushed the fix-16316 branch from b665022 to 1769389 Compare October 9, 2020 11:14

MauricioFauth reviewed Oct 9, 2020

View reviewed changes

MauricioFauth approved these changes Oct 9, 2020

View reviewed changes

rajat315315 force-pushed the fix-16316 branch from 1769389 to 87d9b1e Compare October 10, 2020 13:54

rajat315315 requested a review from MauricioFauth October 12, 2020 04:39

rajat315315 force-pushed the fix-16316 branch from 87d9b1e to c50151a Compare October 14, 2020 06:43

rajat315315 force-pushed the fix-16316 branch from c50151a to b28ae21 Compare October 14, 2020 07:19

MauricioFauth requested changes Oct 14, 2020

View reviewed changes

Comment thread libraries/config.default.php Outdated

williamdes reviewed Oct 14, 2020

View reviewed changes

Comment thread libraries/classes/Config.php

rajat315315 force-pushed the fix-16316 branch from b28ae21 to 65fa467 Compare October 14, 2020 08:24

williamdes approved these changes Oct 14, 2020

View reviewed changes

rajat315315 force-pushed the fix-16316 branch from 65fa467 to e502731 Compare October 14, 2020 17:57

williamdes reviewed Oct 14, 2020

View reviewed changes

Comment thread doc/config.rst

williamdes reviewed Oct 14, 2020

View reviewed changes

Comment thread doc/config.rst

rajat315315 force-pushed the fix-16316 branch 3 times, most recently from 2499bfd to 1add2cc Compare October 15, 2020 06:24

williamdes approved these changes Oct 15, 2020

View reviewed changes

williamdes reviewed Oct 15, 2020

View reviewed changes

Comment thread doc/config.rst Outdated

MauricioFauth added the hacktoberfest-accepted label Oct 15, 2020

rajat315315 force-pushed the fix-16316 branch from 1add2cc to 7dbec2a Compare October 17, 2020 11:05

rajat315315 force-pushed the fix-16316 branch from 7dbec2a to 8e5d4d4 Compare October 17, 2020 11:06

williamdes approved these changes Oct 17, 2020

View reviewed changes

williamdes requested a review from MauricioFauth October 17, 2020 11:33

williamdes self-assigned this Nov 1, 2020

williamdes merged commit e7feedd into phpmyadmin:master Nov 1, 2020

williamdes mentioned this pull request Nov 1, 2020

Consider use of SameSite=Strict #16316

Closed

williamdes mentioned this pull request Jan 15, 2021

Fixes looping on Login form #16577

Merged

6 tasks

williamdes added a commit that referenced this pull request Jan 21, 2021

Merge #16577 - Fix #16544 - looping on login for introduced by #16386

2ab7c77

Pull-request: #16577 Fixes: #16544 Signed-off-by: William Desportes <williamdes@wdes.fr>

Uh oh!

Conversation

rajat315315 commented Oct 6, 2020

Description

Uh oh!

williamdes left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

rajat315315 left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

rajat315315 commented Oct 9, 2020

Uh oh!

Uh oh!

rajat315315 commented Oct 9, 2020

Uh oh!

MauricioFauth Oct 9, 2020

Choose a reason for hiding this comment

Uh oh!

williamdes Oct 13, 2020

Choose a reason for hiding this comment

Uh oh!

MauricioFauth Oct 13, 2020

Choose a reason for hiding this comment

Uh oh!

rajat315315 Oct 13, 2020

Choose a reason for hiding this comment

Uh oh!

MauricioFauth commented Oct 9, 2020

Uh oh!

MauricioFauth commented Oct 9, 2020

Uh oh!

rajat315315 commented Oct 10, 2020

Uh oh!

rajat315315 commented Oct 14, 2020

Uh oh!

williamdes commented Oct 14, 2020

Uh oh!

rajat315315 commented Oct 14, 2020

Uh oh!

rajat315315 commented Oct 14, 2020

Uh oh!

MauricioFauth left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

williamdes left a comment

Choose a reason for hiding this comment

Uh oh!

rajat315315 commented Oct 14, 2020

Uh oh!

williamdes commented Oct 14, 2020

Uh oh!

rajat315315 commented Oct 14, 2020

Uh oh!

Uh oh!

Uh oh!

Uh oh!

williamdes left a comment

Choose a reason for hiding this comment

Uh oh!

williamdes commented Nov 1, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

williamdes commented Nov 1, 2020 •

edited

Loading