Navigation Menu

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set samesite lax instead of None if site is not on https #15598

Closed
tsteur opened this issue Feb 20, 2020 · 0 comments · Fixed by #15604
Closed

Set samesite lax instead of None if site is not on https #15598

tsteur opened this issue Feb 20, 2020 · 0 comments · Fixed by #15604
Assignees
@tsteur
Labels
Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.
Milestone
3.13.4

Comments

@tsteur
Copy link
Member

tsteur commented Feb 20, 2020

I'm referring to this here: https://github.com/matomo-org/matomo/pull/15561/files#diff-7de787015af7507a7278689396b18f7dR450-R451

Other browsers will follow and require sameSite=None to also have the secure flag. see https://blog.chromium.org/2019/10/developers-get-ready-for-new.html

image

So, if we are on http, and we are about to set None, then we should set Lax instead.

All we need to do likely is changing if ((!ProxyHttp::isHttps()) && $browserFamily === 'Chrome') { to if ((!ProxyHttp::isHttps())) {. We leave the check for safari in there in case the user is no HTTPS.
@tsteur tsteur added the Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. label Feb 20, 2020
@tsteur tsteur added this to the 3.13.4 milestone Feb 20, 2020
@tsteur tsteur changed the title Set lax instead of None if site is not on https Set samesite lax instead of None if site is not on https Feb 20, 2020
@tsteur tsteur self-assigned this Feb 20, 2020
tsteur added a commit that referenced this issue Feb 20, 2020
@tsteur
Set samesite lax instead of None if site is not on https
b1a43f3 
fix #15598
@tsteur tsteur mentioned this issue Feb 20, 2020
Merged
@sgiehl sgiehl linked a pull request Feb 21, 2020 that will close this issue
Set samesite lax instead of None if site is not on https #15604
Merged
tsteur added a commit that referenced this issue Feb 24, 2020
@tsteur
Set samesite lax instead of None if site is not on https (#15604)
eefe2eb 
fix #15598
@tsteur tsteur closed this as completed Feb 24, 2020
jonasgrilleres pushed a commit to 1024pix/pix-analytics that referenced this issue Sep 22, 2020
@tsteur @jonasgrilleres
Set samesite lax instead of None if site is not on https (matomo-org#…
aed379c 
…15604)

fix matomo-org#15598
jbuget pushed a commit to 1024pix/pix-analytics that referenced this issue Sep 26, 2020
@tsteur @jbuget
Set samesite lax instead of None if site is not on https (matomo-org#…
7a0cb9a 
…15604)

fix matomo-org#15598
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tsteur tsteur

Labels
Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.
Projects
None yet
Milestone
3.13.4
Development

Successfully merging a pull request may close this issue.

Set samesite lax instead of None if site is not on https matomo-org/matomo
1 participant
@tsteur