@tsteur opened this Issue on February 20th 2020 Member

I'm referring to this here: https://github.com/matomo-org/matomo/pull/15561/files#diff-7de787015af7507a7278689396b18f7dR450-R451

Other browsers will follow and require sameSite=None to also have the secure flag. See https://blog.chromium.org/2019/10/developers-get-ready-for-new.html


So, if we are on http, and we are about to set None, then we should set Lax instead.

All we likely need to do is change `if ((!ProxyHttp::isHttps()) && $browserFamily === 'Chrome') {` to `if ((!ProxyHttp::isHttps())) {`. We leave the check for Safari in there in case the user is no HTTPS.

This Issue was closed on February 24th 2020
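
The fallback proposed in this issue, as an added stand-alone example (not Matomo's code): the function names and the cookie name are hypothetical, and the `$isHttps` argument stands in for whatever HTTPS detection the application uses, such as the `ProxyHttp::isHttps()` call quoted above. It makes the decision for every browser rather than per browser family.

```php
<?php
// Added example, not Matomo code. All function names here are hypothetical.

/**
 * Return the SameSite value to emit. SameSite=None is only honoured
 * together with the Secure flag, and a Secure cookie is never sent back
 * over plain HTTP, so on HTTP a requested None is downgraded to Lax.
 */
function effectiveSameSite(string $requested, bool $isHttps): string
{
    $requested = ucfirst(strtolower($requested));
    if (!in_array($requested, ['None', 'Lax', 'Strict'], true)) {
        throw new InvalidArgumentException("Unknown SameSite value: $requested");
    }
    if ($requested === 'None' && !$isHttps) {
        return 'Lax';
    }
    return $requested;
}

/**
 * Build the Set-Cookie header line, adding Secure only on HTTPS so that
 * SameSite=None is never emitted without it.
 */
function buildSetCookieHeader(string $name, string $value, string $requestedSameSite, bool $isHttps): string
{
    $parts = [rawurlencode($name) . '=' . rawurlencode($value), 'Path=/', 'HttpOnly'];
    if ($isHttps) {
        $parts[] = 'Secure';
    }
    $parts[] = 'SameSite=' . effectiveSameSite($requestedSameSite, $isHttps);
    return 'Set-Cookie: ' . implode('; ', $parts);
}

// Constructed sample: the same request for SameSite=None on HTTPS and on HTTP.
foreach ([true, false] as $isHttps) {
    $scheme = $isHttps ? 'https' : 'http ';
    echo $scheme . ' -> ' . buildSetCookieHeader('example_session', 'abc123', 'None', $isHttps) . PHP_EOL;
}
```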