[wp-trac] [WordPress Trac] #37000: Support for the SameSite cookie attribute
WordPress Trac
noreply at wordpress.org
Wed Feb 5 09:43:15 UTC 2020
#37000: Support for the SameSite cookie attribute
-------------------------------------------------+-------------------------
Reporter: johnbillion | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: 5.4
Component: Security | Version:
Severity: normal | Resolution:
Keywords: has-patch dev-feedback needs-refresh | Focuses: administration
-------------------------------------------------+-------------------------
Comment (by mikhailroot):
By default Chrome will treat a missing SameSite param as `Lax`, so most
users will be treated well out of the box.
(https://web.dev/samesite-cookies-explained/)

If a certain number of users need to manage this part, they will update to
PHP 7.3.0+ (e.g. they might need to embed wp-admin or the authenticated
state of their site into some other one via iframe - they need to set it
to `None`).

There's no big need to have polyfill code run for everyone to try to
support older PHP versions, which don't support the new setcookie syntax
that supports the `SameSite` param.

That's why I came up with this simpler solution:
https://core.trac.wordpress.org/attachment/ticket/37000/pluggable.diff
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37000#comment:20>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
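
Added example, not part of the original message and not the attached pluggable.diff: one way to send `SameSite` only where PHP's setcookie() accepts it natively (7.3.0+), with no polyfill on older versions. The helper name example_set_cookie() and its option defaults are assumptions for illustration.

```php
<?php
// Added example; example_set_cookie() is a hypothetical helper, not a WordPress function.

/**
 * Set a cookie, adding SameSite only where setcookie() supports it natively.
 *
 * @param int   $expires Unix timestamp, 0 for a session cookie.
 * @param array $opts    Optional keys: path, domain, secure, httponly, samesite.
 * @return bool Result of setcookie().
 */
function example_set_cookie( $name, $value, $expires = 0, array $opts = array() ) {
    $opts = array_merge(
        array( 'path' => '/', 'domain' => '', 'secure' => false, 'httponly' => true, 'samesite' => '' ),
        $opts
    );

    // Normalise the requested value; anything unknown means "send no attribute",
    // which leaves the browser default (Lax in Chrome) in effect.
    $samesite = ucfirst( strtolower( (string) $opts['samesite'] ) );
    if ( ! in_array( $samesite, array( 'Lax', 'Strict', 'None' ), true ) ) {
        $samesite = '';
    }

    // Chrome rejects SameSite=None cookies that are not also marked Secure.
    if ( 'None' === $samesite ) {
        $opts['secure'] = true;
    }

    if ( PHP_VERSION_ID >= 70300 ) {
        // PHP 7.3.0+: options-array signature with native samesite support.
        $options = array(
            'expires'  => $expires,
            'path'     => $opts['path'],
            'domain'   => $opts['domain'],
            'secure'   => (bool) $opts['secure'],
            'httponly' => (bool) $opts['httponly'],
        );
        if ( '' !== $samesite ) {
            $options['samesite'] = $samesite;
        }
        return setcookie( $name, $value, $options );
    }

    // PHP < 7.3: legacy signature, no SameSite attribute and no polyfill.
    return setcookie( $name, $value, $expires, $opts['path'], $opts['domain'], (bool) $opts['secure'], (bool) $opts['httponly'] );
}

// Constructed usage: a cookie that must survive being embedded in a cross-site iframe.
example_set_cookie( 'example_session', 'constructed-value', 0, array( 'samesite' => 'None' ) );
```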