Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security/Http] Remember me: allow to set the samesite cookie flag #36175

Merged
merged 1 commit into from Mar 23, 2020

Conversation

@nicolas-grekas
Copy link
Member

nicolas-grekas commented Mar 23, 2020

Q A
Branch? 3.4
Bug fix? yes
New feature? no
Deprecations? no
Tickets -
License MIT
Doc PR -

Similar to #35605, since Chrome 80 is going to require the samesite attribute.

This is a cherry-pick of #27976

@nicolas-grekas nicolas-grekas added this to the 3.4 milestone Mar 23, 2020
@nicolas-grekas nicolas-grekas force-pushed the nicolas-grekas:sec-rem-samesite branch from ce5fef4 to f0ceb73 Mar 23, 2020
@nicolas-grekas

This comment has been minimized.

Copy link
Member Author

nicolas-grekas commented Mar 23, 2020

Thank you @dunglas.

@nicolas-grekas nicolas-grekas merged commit 438d9e5 into symfony:3.4 Mar 23, 2020
3 checks passed
3 checks passed
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
fabbot.io Your code looks good.
Details
This was referenced Mar 27, 2020
@fabpot fabpot mentioned this pull request Mar 30, 2020
fabpot added a commit that referenced this pull request Mar 30, 2020
… delete_cookies (wouterj)

This PR was merged into the 3.4 branch.

Discussion
----------

[Security/Http] Allow setting cookie security settings for delete_cookies

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #36243 (comment)
| License       | MIT
| Doc PR        | tbd

Similar to #36173 and #36175. This is needed for Chrome 80 compatibility.

My only question is whether we should introduce these specific settings, or somehow fetch them from `framework.session`?

Commits
-------

a696d1f [Security/Http] Allow setting cookie security settings for delete_cookies
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.