Add support for SameSite Cookie attribute
#640
Comments
|
PRs are welcome 😄 (Would also need to update |
|
I'm currently finalizing the PR, just needed an issue number to add to the NEWS file :) Also, good catch on |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The ability to set the
SameSitecookie attribute would be useful, especially with currently ongoing changes to browsers' handling of cookies without aSameSitepolicy set.Modern browsers are currently rolling out changes setting the default for cookies to
SameSite=Lax, which prevents cookies from being included in Cross-Origin requests. Without support for setting theSameSiteattribute toNone, it will be impossible to use cookies in CORS requests, which is especially problematic for Cross-Origin APIs that rely on storing data in the Plumber session cookie.The proposed changes include adding a new optional parameter called
sameSiteto thesessionCookie()function and the Response class'ssetCookie()andremoveCookie()methods. If this parameter is set to a character value, the attributeSameSite=<value>will be added to the generated cookie.The text was updated successfully, but these errors were encountered: