Skip to content
Permalink
Browse files

bug #31475 [HttpFoundation] Allow set 'None' on samesite cookie flag …

…(markitosgv)

This PR was merged into the 3.4 branch.

Discussion
----------

[HttpFoundation] Allow set 'None' on samesite cookie flag

Allow set samesite cookie flag to 'None' value

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #31467
| License       | MIT

Google introduces new Chrome policy, marking all none setted samesite flag to 'Strict' by default. If you want to allow third party cookies you must set samesite flag to None.

This PR fixes #31467, allow to put samesite Cookie flag to None.

Commits
-------

8bac3d6 Allow set 'None' on samesite cookie flag
  • Loading branch information...
nicolas-grekas committed May 11, 2019
2 parents c717083 + 8bac3d6 commit 11f8a1e5c9071ed2e77a9c3fe1aea1a7d4807fb5
Showing with 2 additions and 1 deletion.
  1. +2 −1 src/Symfony/Component/HttpFoundation/Cookie.php
@@ -28,6 +28,7 @@ class Cookie
private $raw;
private $sameSite;
const SAMESITE_NONE = 'none';
const SAMESITE_LAX = 'lax';
const SAMESITE_STRICT = 'strict';
@@ -128,7 +129,7 @@ public function __construct($name, $value = null, $expire = 0, $path = '/', $dom
$sameSite = strtolower($sameSite);
}
if (!\in_array($sameSite, [self::SAMESITE_LAX, self::SAMESITE_STRICT, null], true)) {
if (!\in_array($sameSite, [self::SAMESITE_LAX, self::SAMESITE_STRICT, self::SAMESITE_NONE, null], true)) {
throw new \InvalidArgumentException('The "sameSite" parameter value is not valid.');
}

0 comments on commit 11f8a1e

Please sign in to comment.
You can’t perform that action at this time.