diff options
author | Roeland Jago Douma <roeland@famdouma.nl> | 2019-09-09 21:29:58 +0200 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2020-02-06 15:24:35 +0100 |
commit | 2016e57eab1d970e6edd63370e956f462e56c86c (patch) | |
tree | ece03de343ce9af606967d73cad1d68ea5deea6a /lib/private | |
parent | daf6887c09b3b706728c5fdef6cb6df0640f1e21 (diff) | |
download | nextcloud-server-2016e57eab1d970e6edd63370e956f462e56c86c.tar.gz nextcloud-server-2016e57eab1d970e6edd63370e956f462e56c86c.zip |
Only send samesite cookies
This makes the last remaining two cookies lax. The session cookie
itself. And the session password as well (on php 7.3 that is). Samesite
cookies are the best cookies!
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/private')
-rw-r--r-- | lib/private/Session/CryptoWrapper.php | 18 | ||||
-rw-r--r-- | lib/private/Session/Internal.php | 12 |
2 files changed, 27 insertions, 3 deletions
diff --git a/lib/private/Session/CryptoWrapper.php b/lib/private/Session/CryptoWrapper.php index bbaa907b268..b9dbc90edd6 100644 --- a/lib/private/Session/CryptoWrapper.php +++ b/lib/private/Session/CryptoWrapper.php @@ -86,7 +86,23 @@ class CryptoWrapper { if($webRoot === '') { $webRoot = '/'; } - setcookie(self::COOKIE_NAME, $this->passphrase, 0, $webRoot, '', $secureCookie, true); + + if (PHP_VERSION_ID < 70300) { + setcookie(self::COOKIE_NAME, $this->passphrase, 0, $webRoot, '', $secureCookie, true); + } else { + setcookie( + self::COOKIE_NAME, + $this->passphrase, + [ + 'expires' => 0, + 'path' => $webRoot, + 'domain' => '', + 'secure' => $secureCookie, + 'httponly' => true, + 'samesite' => 'Lax', + ] + ); + } } } } diff --git a/lib/private/Session/Internal.php b/lib/private/Session/Internal.php index d235e9eb50b..b9aae76c3b0 100644 --- a/lib/private/Session/Internal.php +++ b/lib/private/Session/Internal.php @@ -56,7 +56,7 @@ class Internal extends Session { set_error_handler([$this, 'trapError']); $this->invoke('session_name', [$name]); try { - $this->invoke('session_start'); + $this->startSession(); } catch (\Exception $e) { setcookie($this->invoke('session_name'), '', -1, \OC::$WEBROOT ?: '/'); } @@ -106,7 +106,7 @@ class Internal extends Session { public function clear() { $this->invoke('session_unset'); $this->regenerateId(); - $this->invoke('session_start', [], true); + $this->startSession(); $_SESSION = []; } @@ -214,4 +214,12 @@ class Internal extends Session { $this->trapError($e->getCode(), $e->getMessage()); } } + + private function startSession() { + if (PHP_VERSION_ID < 70300) { + $this->invoke('session_start'); + } else { + $this->invoke('session_start', [['cookie_samesite' => 'Lax']]); + } + } } |