@tsteur opened this Issue on February 20th 2020 Member

I'm referring to this here: https://github.com/matomo-org/matomo/pull/15561/files#diff-7de787015af7507a7278689396b18f7dR450-R451

Other browsers will follow and require sameSite=None to also have the secure flag. See https://blog.chromium.org/2019/10/developers-get-ready-for-new.html

So, if we are on http, and we are about to set None, then we should set Lax instead.

All we need to do likely is change `if ((!ProxyHttp::isHttps()) && $browserFamily === 'Chrome') {` to `if ((!ProxyHttp::isHttps())) {`. We leave the check for Safari in there in case the user is not on HTTPS.

This Issue was closed on February 24th 2020
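
The rule proposed in the issue above (fall back from `None` to `Lax` whenever the request is not HTTPS, regardless of browser), as an added example that is not Matomo's code. `effectiveSameSite` and `buildSetCookieHeader` are hypothetical names, the cookie values are constructed, and the Safari check mentioned in the issue is left out.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not Matomo code): pick the SameSite value that a
 * browser will actually accept for the current connection.
 */
function effectiveSameSite(string $requested, bool $isHttps): string
{
    $value = ucfirst(strtolower($requested));
    if (!in_array($value, ['None', 'Lax', 'Strict'], true)) {
        throw new InvalidArgumentException("Unknown SameSite value: $requested");
    }
    // SameSite=None is only honoured together with the Secure flag, and the
    // Secure flag is not usable on plain HTTP, so fall back to Lax there.
    if ($value === 'None' && !$isHttps) {
        return 'Lax';
    }
    return $value;
}

/**
 * Hypothetical helper: build the Set-Cookie header line, adding Secure only
 * on HTTPS so that the flag and the SameSite value always agree.
 */
function buildSetCookieHeader(string $name, string $value, string $sameSite, bool $isHttps): string
{
    // Cookie names must be HTTP tokens; reject anything else to avoid header injection.
    if (!preg_match('/^[!#$%&\'*+\-.^_`|~0-9A-Za-z]+$/', $name)) {
        throw new InvalidArgumentException('Invalid cookie name');
    }
    $parts = [$name . '=' . rawurlencode($value), 'Path=/', 'HttpOnly'];
    if ($isHttps) {
        $parts[] = 'Secure';
    }
    $parts[] = 'SameSite=' . effectiveSameSite($sameSite, $isHttps);
    return 'Set-Cookie: ' . implode('; ', $parts);
}

// Constructed sample input: the same cookie requested with SameSite=None
// on an HTTPS request and on a plain HTTP request.
foreach ([true, false] as $isHttps) {
    echo ($isHttps ? 'https: ' : 'http:  '),
        buildSetCookieHeader('session_demo', 'abc123', 'None', $isHttps), PHP_EOL;
}
```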