[wp-trac] [WordPress Trac] #37000: Support for the SameSite cookie attribute
WordPress Trac
noreply at wordpress.org
Fri Apr 10 02:30:10 UTC 2020
#37000: Support for the SameSite cookie attribute
-------------------------------------------------+-------------------------
Reporter: johnbillion | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Future
| Release
Component: Security | Version:
Severity: normal | Resolution:
Keywords: has-patch dev-feedback needs- | Focuses:
refresh needs-dev-note | administration
-------------------------------------------------+-------------------------
Comment (by SteelWagstaff):
Hi -- I'm the product manager for Pressbooks, an open source publishing
tool built on WordPress multisite. We're in that small subset of users who
need
> to embed wp-admin or authenticated state of their site into some other
one via iframe
as described by @mikhailroot. We do this when our tool is securely
embedded within a learning management system using the LTI specification.
In order for the LTI connection to work as expected in Chrome, we need to
be able to set WP authorization cookies to SameSite=`None`. We're using
PHP 7.3, which added an options array supporting the setting of SameSite
attributes, but I don't know how we can set this value without forking
core WordPress, which we're very reticent to do. Ideas/suggestions
welcomed!
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37000#comment:25>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list