diff options
| author | Roeland Jago Douma <roeland@famdouma.nl> | 2020-06-19 09:31:47 +0200 |
|---|---|---|
| committer | Roeland Jago Douma <roeland@famdouma.nl> | 2020-06-22 08:38:44 +0200 |
| commit | fbf9772a3eafeab74cc5b3f76e7ad7cc081991bb (patch) | |
| tree | 3634d762f08b16e4dbfe8ad737d37f741296ce77 /lib/private/AppFramework/Http | |
| parent | 6cd224a3a826bef2a666d70a8cf0c4368c81b181 (diff) | |
| download | nextcloud-server-fbf9772a3eafeab74cc5b3f76e7ad7cc081991bb.tar.gz nextcloud-server-fbf9772a3eafeab74cc5b3f76e7ad7cc081991bb.zip | |
Allow to specify the cookie type for appframework responses
In general it is good to set them to Lax. But also to give devs more
control over them is not a bad thing.
Helps with #21474
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/private/AppFramework/Http')
| -rw-r--r-- | lib/private/AppFramework/Http/Output.php | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/lib/private/AppFramework/Http/Output.php b/lib/private/AppFramework/Http/Output.php index fd95f370360..8777c1970a6 100644 --- a/lib/private/AppFramework/Http/Output.php +++ b/lib/private/AppFramework/Http/Output.php @@ -92,8 +92,20 @@ class Output implements IOutput { * @param bool $secure * @param bool $httpOnly */ - public function setCookie($name, $value, $expire, $path, $domain, $secure, $httpOnly) { + public function setCookie($name, $value, $expire, $path, $domain, $secure, $httpOnly, $sameSite = 'Lax') { $path = $this->webRoot ? : '/'; - setcookie($name, $value, $expire, $path, $domain, $secure, $httpOnly); + + if (PHP_VERSION_ID < 70300) { + setcookie($name, $value, $expire, $path, $domain, $secure, $httpOnly); + } else { + setcookie($name, $value, [ + 'expires' => $expire, + 'path' => $path, + 'domain' => $domain, + 'secure' => $secure, + 'httponly' => $httpOnly, + 'samesite' => $sameSite + ]); + } } } |