Commit aa86b9d
committed
Response: setCookie() forces Secure for SameSite=None
A cookie with SameSite=None is rejected by browsers unless it also carries the
Secure attribute (RFC 6265bis). setCookie() now enables Secure automatically in
that case, overriding both the $secure argument and the cookieSecure default.1 parent 5ce7f08 commit aa86b9d
2 files changed
Lines changed: 14 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
257 | 257 | | |
258 | 258 | | |
259 | 259 | | |
| 260 | + | |
| 261 | + | |
| 262 | + | |
| 263 | + | |
260 | 264 | | |
261 | 265 | | |
262 | 266 | | |
263 | 267 | | |
264 | 268 | | |
265 | 269 | | |
266 | | - | |
| 270 | + | |
267 | 271 | | |
268 | | - | |
| 272 | + | |
269 | 273 | | |
270 | 274 | | |
271 | 275 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
135 | 135 | | |
136 | 136 | | |
137 | 137 | | |
| 138 | + | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
| 142 | + | |
| 143 | + | |
| 144 | + | |
| 145 | + | |
138 | 146 | | |
139 | 147 | | |
140 | 148 | | |
| |||
0 commit comments