Enable secure flag to make SameSite effective

Jeroen Peelaerts
2020-12-20 12:35:16 +01:00
committed by jekkos
parent a25653e3cf
commit f7d06c1da4
2 changed files with 13 additions and 3 deletions


@@ -437,7 +437,7 @@ $config['sess_regenerate_destroy'] = FALSE;
$config['cookie_prefix'] = '';
$config['cookie_domain'] = '';
$config['cookie_path'] = '/';
$config['cookie_secure'] = FALSE;
$config['cookie_secure'] = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on';
$config['cookie_httponly'] = TRUE;
/*
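Review bot: The new `$config['cookie_secure'] = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on';` only detects TLS that PHP's own web server terminated; behind a TLS-offloading proxy or load balancer `$_SERVER['HTTPS']` is usually absent, so the Secure flag is silently dropped on a site that is HTTPS to the user. That matters for this commit in particular, because the MY_Security hunk selects `samesite` with `is_https()`, which in stock CodeIgniter 3 also accepts `HTTP_X_FORWARDED_PROTO`, so in that deployment the CSRF cookie would go out as `SameSite=None` without `Secure` and current browsers discard it. Using the same predicate in both places closes that gap, `$config['cookie_secure'] = is_https();`, assuming Common.php is already loaded when config.php is read in this fork as it is in CI 3.x (please confirm). A short comment on the line would record the intent for the next maintainer: `// Secure is required for SameSite=None; derived from the request so plain-HTTP dev setups still receive cookies`. For production-only deployments a hard-coded `TRUE` is the safer setting, since a cookie issued without Secure on any stray HTTP request can later be sent in clear by the browser.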


@@ -19,19 +19,29 @@ class MY_Security extends CI_Security
return FALSE;
}
$path = config_item('cookie_path');
if (PHP_VERSION_ID < 70300) {
if (is_https())
{
$path .= '; samesite=strict';
}
setcookie($this->_csrf_cookie_name,
$this->_csrf_hash, $expire,
config_item('cookie_path'). '; samesite=strict',
$path,
config_item('cookie_domain'),
$secure_cookie,
FALSE);
}
else
{
$samesite = is_https() ? 'None' : 'Strict';
setcookie($this->_csrf_cookie_name,
$this->_csrf_hash,
['samesite' => 'Strict',
['samesite' => $samesite,
'secure' => $secure_cookie,
'expires' => $expire,
'path' => config_item('cookie_path'),