Skip to content

[Security/Http] Remember me: allow to set the samesite cookie flag #36175

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nicolas-grekas merged 1 commit into from
Mar 23, 2020
Merged

[Security/Http] Remember me: allow to set the samesite cookie flag #36175

nicolas-grekas merged 1 commit into from
Mar 23, 2020

Conversation

@nicolas-grekas
Copy link
Member

@nicolas-grekas nicolas-grekas commented Mar 23, 2020
edited
Loading

Q A
Branch? 3.4
Bug fix? yes
New feature? no
Deprecations? no
Tickets -
License MIT
Doc PR -

Similar to #35605, since Chrome 80 is going to require the samesite attribute.

This is a cherry-pick of #27976

@nicolas-grekas nicolas-grekas added this to the 3.4 milestone Mar 23, 2020
@nicolas-grekas
Copy link
Member Author

nicolas-grekas commented Mar 23, 2020

Thank you @dunglas.

@nicolas-grekas nicolas-grekas merged commit 438d9e5 into symfony:3.4 Mar 23, 2020
This was referenced Mar 27, 2020
Merged
Merged
@wouterj wouterj mentioned this pull request Mar 28, 2020
Merged
@fabpot fabpot mentioned this pull request Mar 30, 2020
Merged
fabpot added a commit that referenced this pull request Mar 30, 2020
@fabpot
bug #36252 [Security/Http] Allow setting cookie security settings for…
b1d21af 
… delete_cookies (wouterj)

This PR was merged into the 3.4 branch.

Discussion
----------

[Security/Http] Allow setting cookie security settings for delete_cookies

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #36243 (comment)
| License       | MIT
| Doc PR        | tbd

Similar to #36173 and #36175. This is needed for Chrome 80 compatibility.

My only question is whether we should introduce these specific settings, or somehow fetch them from `framework.session`?

Commits
-------

a696d1f [Security/Http] Allow setting cookie security settings for delete_cookies
@nicolas-grekas nicolas-grekas deleted the sec-rem-samesite branch April 5, 2020 16:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Bug Status: Needs Review

Projects

None yet

Milestone

3.4

Development

Successfully merging this pull request may close these issues.

3 participants

@nicolas-grekas @carsonbot @dunglas