Uploaded image for project: 'Planet4'
  1. Planet4
  2. PLANET-5320

P4 Cookies should implement the 'Secure' attribute

    XporterXMLWordPrintable

    Details

    • Type: Bug
    • Status: CLOSED
    • Priority: Should have
    • Resolution: Released
    • Affects Version/s: None
    • Fix Version/s: 2.38.1
    • Labels:
    • Story Points:
      3
    • P4 User role:
      Non-logged in, Logged in, Web Master
    • Section:
      Block: Cookies
    • P4 site:
      All sites
    • Track:
      Development
    • Repositories:
      planet4-master-theme, planet4-plugin-gutenberg-blocks

      Description

      Cookies set by P4 currently have:

      SameSite=None

      To make sure these cookies keep functioning in the future, a new attribute should be added

      SameSite=None; Secure

      This still allows cross-domain cookies, but restricts these cookies to be used in Secure domains only.

       

      This should not affect functionality, other than ensure proper functioning when browsers get more strict about rejecting these cookies.

       

      See:
      https://developer.mozilla.org/nl/docs/Web/HTTP/Headers/Set-Cookie/SameSite#Secure

        Gliffy Diagrams

          Attachments

            Activity

              People

              Assignee:
              dpivo Dylan Pivo
              Reporter:
              okeur Oscar Keur
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: