Set samesite lax instead of None if site is not on https #15598
Labels
Enhancement
I'm referring to this here: https://github.com/matomo-org/matomo/pull/15561/files#diff-7de787015af7507a7278689396b18f7dR450-R451
Other browsers will follow and require `sameSite=None` to also have the `secure` flag. See https://blog.chromium.org/2019/10/developers-get-ready-for-new.html

So, if we are on http, and we are about to set `None`, then we should set `Lax` instead.

All we need to do likely is changing `if ((!ProxyHttp::isHttps()) && $browserFamily === 'Chrome') {` to `if ((!ProxyHttp::isHttps())) {`. We leave the check for safari in there in case the user is no HTTPS.
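
The fallback described in this issue, as an added example that is not part of the original post and not Matomo's code: it downgrades `SameSite=None` to `Lax` when the request is not on HTTPS and only adds `Secure` on HTTPS. The function names `effectiveSameSite` and `buildSetCookieHeader` are hypothetical, and the cookie name and value are constructed sample input.

```php
<?php
// Added example, not Matomo code. All function names here are hypothetical.

/**
 * Return the SameSite value that can be sent for this request.
 * SameSite=None is only accepted together with the Secure flag, which is
 * only usable on https, so on plain http a requested None becomes Lax.
 */
function effectiveSameSite(string $requested, bool $isHttps): string
{
    // Normalise case so "none", "NONE" and "None" are treated alike.
    $value = ucfirst(strtolower($requested));
    if (!in_array($value, ['None', 'Lax', 'Strict'], true)) {
        throw new InvalidArgumentException("Unknown SameSite value: $requested");
    }
    if ($value === 'None' && !$isHttps) {
        return 'Lax';
    }
    return $value;
}

/**
 * Build a Set-Cookie header line whose Secure and SameSite attributes
 * are consistent with the scheme of the current request.
 */
function buildSetCookieHeader(string $name, string $value, string $sameSite, bool $isHttps): string
{
    $parts = [rawurlencode($name) . '=' . rawurlencode($value), 'Path=/'];
    if ($isHttps) {
        $parts[] = 'Secure';
    }
    $parts[] = 'SameSite=' . effectiveSameSite($sameSite, $isHttps);
    return 'Set-Cookie: ' . implode('; ', $parts);
}

// Constructed sample: the same cookie requested with SameSite=None
// on an https request and on an http request.
foreach ([true, false] as $isHttps) {
    echo ($isHttps ? 'https' : 'http'), ' -> ',
        buildSetCookieHeader('example_cookie', 'abc123', 'None', $isHttps), PHP_EOL;
}
```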