author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2020-02-06 20:37:45 +0100 |
committer | GitHub <noreply@github.com> | 2020-02-06 20:37:45 +0100 |
commit | 3b14cec76646016942bed2c85182c7f66d5a815c (patch) | |
tree | 9dec6237d25a60017c67446378302f0a0f395db0 /lib/private | |
parent | 730af0013258976dbe5664347eeecd074e5eb440 (diff) | |
parent | 2016e57eab1d970e6edd63370e956f462e56c86c (diff) | |
download | nextcloud-server-3b14cec76646016942bed2c85182c7f66d5a815c.tar.gz nextcloud-server-3b14cec76646016942bed2c85182c7f66d5a815c.zip |
Merge pull request #17075 from nextcloud/enh/samesitecookies
Only send samesite cookies
Diffstat (limited to 'lib/private')
-rw-r--r-- | lib/private/Session/CryptoWrapper.php | 18 | ||||
-rw-r--r-- | lib/private/Session/Internal.php | 12 |
2 files changed, 27 insertions, 3 deletions
diff --git a/lib/private/Session/CryptoWrapper.php b/lib/private/Session/CryptoWrapper.php
index bbaa907b268..b9dbc90edd6 100644
--- a/lib/private/Session/CryptoWrapper.php
+++ b/lib/private/Session/CryptoWrapper.php
@@ -86,7 +86,23 @@ class CryptoWrapper {
 if($webRoot === '') {
 $webRoot = '/';
 }
- setcookie(self::COOKIE_NAME, $this->passphrase, 0, $webRoot, '', $secureCookie, true);
+
+ if (PHP_VERSION_ID < 70300) {
+ setcookie(self::COOKIE_NAME, $this->passphrase, 0, $webRoot, '', $secureCookie, true);
+ } else {
+ setcookie(
+ self::COOKIE_NAME,
+ $this->passphrase,
+ [
+ 'expires' => 0,
+ 'path' => $webRoot,
+ 'domain' => '',
+ 'secure' => $secureCookie,
+ 'httponly' => true,
+ 'samesite' => 'Lax',
+ ]
+ );
+ }
 }
 }
 }
diff --git a/lib/private/Session/Internal.php b/lib/private/Session/Internal.php
index d235e9eb50b..b9aae76c3b0 100644
--- a/lib/private/Session/Internal.php
+++ b/lib/private/Session/Internal.php
@@ -56,7 +56,7 @@ class Internal extends Session {
 set_error_handler([$this, 'trapError']);
 $this->invoke('session_name', [$name]);
 try {
- $this->invoke('session_start');
+ $this->startSession();
 } catch (\Exception $e) {
 setcookie($this->invoke('session_name'), '', -1, \OC::$WEBROOT ?: '/');
 }
@@ -106,7 +106,7 @@ class Internal extends Session {
 public function clear() {
 $this->invoke('session_unset');
 $this->regenerateId();
- $this->invoke('session_start', [], true);
+ $this->startSession();
 $_SESSION = [];
 }
 
@@ -214,4 +214,12 @@ class Internal extends Session {
 $this->trapError($e->getCode(), $e->getMessage());
 }
 }
+
+ private function startSession() {
+ if (PHP_VERSION_ID < 70300) {
+ $this->invoke('session_start');
+ } else {
+ $this->invoke('session_start', [['cookie_samesite' => 'Lax']]);
+ }
+ }
 }
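Review bot: The `PHP_VERSION_ID < 70300` branch in CryptoWrapper silently sends the passphrase cookie with no SameSite attribute at all, so the protection this commit adds is version-dependent and nothing in the code says so. A comment on the fallback would stop the next reader from assuming SameSite is always set: `// PHP < 7.3 cannot set SameSite through setcookie(); on those versions this cookie goes out without it`. The `$secureCookie` value and the enclosing method start outside the hunk, so whether the cookie is marked Secure on plain-HTTP deployments cannot be confirmed from here. The `'Lax'` literal is also repeated in Internal::startSession(); a shared class constant would keep the two session cookies from drifting apart.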
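Review bot: In the `clear()` hunk the replacement `$this->startSession();` drops the third argument `true` that the old `$this->invoke('session_start', [], true)` passed, and the new `startSession()` in the last hunk never forwards it. If that argument is invoke()'s silence flag (as its position suggests; the definition is outside this diff), notices from the second `session_start()` in clear() are now routed to trapError() instead of being suppressed, which is a behaviour change this commit does not mention. Threading the flag through keeps clear()'s old semantics while still adding SameSite on PHP 7.3+; `startSession()` should also declare `: void` and carry a short docblock saying why the options array is only used on 7.3+.
```php
	/**
	 * Start the PHP session, sending the session cookie with SameSite=Lax
	 * where the runtime supports it (session_start() options array, PHP 7.3+).
	 *
	 * @param bool $silence passed through to invoke(), matching the old clear() call
	 */
	private function startSession(bool $silence = false): void {
		if (PHP_VERSION_ID < 70300) {
			$this->invoke('session_start', [], $silence);
		} else {
			$this->invoke('session_start', [['cookie_samesite' => 'Lax']], $silence);
		}
	}
// … unchanged: in clear(), call `$this->startSession(true);` instead of `$this->startSession();` …
```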