[wp-trac] [WordPress Trac] #37000: Support for the SameSite cookie attribute
WordPress Trac
noreply at wordpress.org
Sun Feb 4 03:54:15 UTC 2018
#37000: Support for the SameSite cookie attribute
--------------------------------------+------------------------------
Reporter: johnbillion | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Resolution:
Keywords: dev-feedback needs-patch | Focuses: administration
--------------------------------------+------------------------------
Comment (by demetris):
I just came upon a hack that makes it possible to set the {{{SameSite}}}
attribute using the default {{{setcookie()}}} function:
{{{#!php
<?php
setcookie('a-cookie', '1', 0, '/; samesite=strict');
}}}
I am trying it out on WordPress by passing a modified {{{COOKIEPATH}}} to
{{{setcookie()}}}:
{{{#!php
<?php
$path_plus_samesite = COOKIEPATH . '; samesite=strict';
}}}
It seems to work OK on Chrome and on Firefox 59 (the first Firefox version
to implement {{{SameSite}}}, currently in the beta channel).
I don’t know whether it would be acceptable to use such a hack in
WordPress core, but I thought it would be good to know that it exists.
Link: https://stackoverflow.com/questions/39750906/php-setcookie-samesite-strict
Cheers!
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37000#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
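
An added example, not part of the original comment and not WordPress core code: a wrapper that uses the native `samesite` option of `setcookie()` on PHP 7.3 and later and falls back to the path-suffix workaround described above on older versions. The function names are hypothetical, and the allowlist and separator check are assumptions about how one would keep the fallback from carrying unintended attributes.

```php
<?php
// Added example: helper names are hypothetical, not WordPress core functions.

/**
 * Validate a SameSite value against the three values browsers recognise.
 * Rejecting anything else keeps untrusted input from adding further
 * attributes through the path string on the fallback branch.
 */
function example_normalize_samesite(string $samesite): string {
    $allowed = ['strict' => 'Strict', 'lax' => 'Lax', 'none' => 'None'];
    $key = strtolower(trim($samesite));
    if (!isset($allowed[$key])) {
        throw new InvalidArgumentException("Unsupported SameSite value: $samesite");
    }
    return $allowed[$key];
}

/**
 * Set a cookie with SameSite. PHP 7.3+ has a native 'samesite' option;
 * older versions get the path-suffix workaround from the comment above.
 */
function example_setcookie_samesite(string $name, string $value, int $expires,
    string $path, string $domain, bool $secure, bool $httponly, string $samesite): bool {
    $samesite = example_normalize_samesite($samesite);

    // The fallback concatenates $path into the header, so refuse separators in it.
    if (strpbrk($path, ";,\r\n") !== false) {
        throw new InvalidArgumentException('Cookie path contains a separator character');
    }

    if (PHP_VERSION_ID >= 70300) {
        return setcookie($name, $value, [
            'expires'  => $expires,
            'path'     => $path,
            'domain'   => $domain,
            'secure'   => $secure,
            'httponly' => $httponly,
            'samesite' => $samesite,
        ]);
    }

    // Pre-7.3: setcookie() writes the path argument into the header as given,
    // so the suffix becomes an extra attribute after "path=".
    return setcookie($name, $value, $expires, $path . '; samesite=' . $samesite,
        $domain, $secure, $httponly);
}

// Constructed usage: a session cookie scoped to "/" with SameSite=Strict.
example_setcookie_samesite('a-cookie', '1', 0, '/', '', true, true, 'Strict');
```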