[Session] Cookie SameSite should be strict by default
brusch committed Jul 28, 2021
1 parent 43b0963 commit 8aa0cac5ef555a9bf3811d1cc6a8fb9d07707e88
@@ -19,6 +19,7 @@ framework:
# http://symfony.com/doc/current/reference/configuration/framework.html#handler-id
# use the native PHP session mechanism
handler_id: null
cookie_samesite: 'strict'
php_errors:
log: true
assets: ~
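Review bot: the added `cookie_samesite: 'strict'` line carries no comment, unlike `handler_id` just above it, even though it changes session behaviour for every project that inherits this default. With `strict` the browser leaves the session cookie off any request that originates from another site, including top-level navigation, so a logged-in user who follows a link from an external page or is redirected back from an external service (SSO, payment provider) arrives without a session. Suggest a short comment above the key that states this trade-off and names `'lax'` as the override, so the reason for the value is visible where it is set.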
@@ -29,6 +29,14 @@ services:
- Pimcore\Security\Encoder\PasswordFieldEncoder
- ['password']
```
- [Session] Default setting for `framework.session.cookie_samesite` changed to `strict`.
For more information about the possible impact on your project, please have a look at the [docs of set-cookie](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite).
If you prefer to stay on the old session cookie behavior, please add the following to your project configuration:
```yaml
framework:
session:
cookie_samesite: 'lax'
```

## 10.0.0
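Review bot: the upgrade note mentions a "possible impact" but only links to MDN, so someone upgrading has to work out the symptom on their own. Suggest naming it in the note itself: with `strict`, requests that arrive from another site (inbound links, redirects back from external login or payment flows) no longer carry the session cookie, and projects relying on those flows should set `'lax'`. It is also worth confirming that `'lax'` really is the "old session cookie behavior": the config hunk adds `cookie_samesite` without removing an earlier value, which suggests the attribute may previously have been unset rather than explicitly `lax`.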
