Change SameSite attribute on session cookies to "lax" (#2592)

This commit is contained in:
Anders G. Jørgensen 2020-10-25 21:15:49 +01:00 committed by GitHub
parent cfaf41ce24
commit a271b59092
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 1 deletions

View file

@ -144,6 +144,11 @@ class AppSettingsCommand extends Command
$this->variables['APP_ENVIRONMENT_ONLY'] = $this->confirm(trans('command/messages.environment.app.settings'), true) ? 'false' : 'true'; $this->variables['APP_ENVIRONMENT_ONLY'] = $this->confirm(trans('command/messages.environment.app.settings'), true) ? 'false' : 'true';
} }
// Make sure session cookies are set as "secure" when using HTTPS
if (strpos($this->variables['APP_URL'], 'https://') === 0) {
$this->variables['SESSION_SECURE_COOKIE'] = 'true';
}
$this->checkForRedis(); $this->checkForRedis();
$this->writeToEnvironment($this->variables); $this->writeToEnvironment($this->variables);

View file

@ -188,5 +188,5 @@ return [
| |
*/ */
'same_site' => null, 'same_site' => env('SESSION_SAMESITE_COOKIE', 'lax'),
]; ];