Revert "Allow to set SameSite from system.yaml (#3063)"
This reverts commit 0b41eea2bb.
parent
5cdeb28e6b
commit
08304d5064
|
|
@ -1223,12 +1223,6 @@ form:
|
|||
label: PLUGIN_ADMIN.SESSION_PATH
|
||||
help: PLUGIN_ADMIN.SESSION_PATH_HELP
|
||||
|
||||
session.samesite:
|
||||
type: text
|
||||
size: small
|
||||
label: PLUGIN_ADMIN.SESSION_SAMESITE
|
||||
help: PLUGIN_ADMIN.SESSION_SAMESITE_HELP
|
||||
|
||||
session.split:
|
||||
type: toggle
|
||||
label: PLUGIN_ADMIN.SESSION_SPLIT
|
||||
|
|
|
|||
|
|
@ -161,7 +161,6 @@ session:
|
|||
uniqueness: path # Should sessions be `path` based or `security.salt` based
|
||||
secure: false # Set session secure. If true, indicates that communication for this cookie must be over an encrypted transmission. Enable this only on sites that run exclusively on HTTPS
|
||||
httponly: true # Set session HTTP only. If true, indicates that cookies should be used only over HTTP, and JavaScript modification is not allowed.
|
||||
samesite: # Set session SameSite. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
|
||||
split: true # Sessions should be independent between site and plugins (such as admin)
|
||||
path:
|
||||
|
||||
|
|
|
|||
|
|
@ -36,7 +36,6 @@ class SessionServiceProvider implements ServiceProviderInterface
|
|||
$cookie_httponly = (bool)$config->get('system.session.httponly', true);
|
||||
$cookie_lifetime = (int)$config->get('system.session.timeout', 1800);
|
||||
$cookie_path = $config->get('system.session.path');
|
||||
$cookie_samesite = $config->get('system.session.samesite');
|
||||
if (null === $cookie_path) {
|
||||
$cookie_path = '/' . trim(Uri::filterPath($uri->rootUrl(false)), '/');
|
||||
}
|
||||
|
|
@ -88,8 +87,7 @@ class SessionServiceProvider implements ServiceProviderInterface
|
|||
'cookie_path' => $cookie_path,
|
||||
'cookie_domain' => $cookie_domain,
|
||||
'cookie_secure' => $cookie_secure,
|
||||
'cookie_httponly' => $cookie_httponly,
|
||||
'cookie_samesite' => $cookie_samesite
|
||||
'cookie_httponly' => $cookie_httponly
|
||||
] + (array) $config->get('system.session.options');
|
||||
|
||||
$session = new Session($options);
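Review bot: With `$cookie_samesite` gone, the options array ending at `'cookie_httponly' => $cookie_httponly` never carries a SameSite value, and the Session hunks further down this commit switch both `setcookie()` calls to the positional signature, which has no SameSite parameter, so the session cookie is sent without the attribute and cross-site handling is left to each browser's default. The `+` union still merges `system.session.options`, but the same commit drops `cookie_samesite` from the option list in the Session class, so that route looks closed as well (how Session treats unlisted keys is not visible here). If the revert was for runtimes older than PHP 7.3, which the page does not state, a guarded pass-through would keep the setting where it is supported: `if (PHP_VERSION_ID >= 70300 && null !== $samesite) { $options['cookie_samesite'] = $samesite; }`, with `$samesite` read from `system.session.samesite`. The enclosing method starts before both hunks and continues after `new Session($options)`.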
|
||||
|
|
|
|||
|
|
@ -135,7 +135,6 @@ class Session implements SessionInterface
|
|||
'use_strict_mode' => true,
|
||||
'use_cookies' => true,
|
||||
'use_only_cookies' => true,
|
||||
'cookie_samesite' => true,
|
||||
'referer_check' => true,
|
||||
'cache_limiter' => true,
|
||||
'cache_expire' => true,
|
||||
|
|
@ -212,19 +211,14 @@ class Session implements SessionInterface
|
|||
if ($sessionExists) {
|
||||
$params = session_get_cookie_params();
|
||||
|
||||
$cookie_options = array (
|
||||
'expires' => time() + $params['lifetime'],
|
||||
'path' => $params['path'],
|
||||
'domain' => $params['domain'],
|
||||
'secure' => $params['secure'],
|
||||
'httponly' => $params['httponly'],
|
||||
'samesite' => $params['samesite']
|
||||
);
|
||||
|
||||
setcookie(
|
||||
$sessionName,
|
||||
session_id(),
|
||||
$cookie_options
|
||||
time() + $params['lifetime'],
|
||||
$params['path'],
|
||||
$params['domain'],
|
||||
$params['secure'],
|
||||
$params['httponly']
|
||||
);
|
||||
}
|
||||
|
||||
|
|
@ -237,20 +231,14 @@ class Session implements SessionInterface
|
|||
public function invalidate()
|
||||
{
|
||||
$params = session_get_cookie_params();
|
||||
|
||||
$cookie_options = array (
|
||||
'expires' => time() - 42000,
|
||||
'path' => $params['path'],
|
||||
'domain' => $params['domain'],
|
||||
'secure' => $params['secure'],
|
||||
'httponly' => $params['httponly'],
|
||||
'samesite' => $params['samesite']
|
||||
);
|
||||
|
||||
setcookie(
|
||||
session_name(),
|
||||
'',
|
||||
$cookie_options
|
||||
time() - 42000,
|
||||
$params['path'],
|
||||
$params['domain'],
|
||||
$params['secure'],
|
||||
$params['httponly']
|
||||
);
|
||||
|
||||
if ($this->isSessionStarted()) {
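Review bot: In the `if ($sessionExists)` hunk the expiry is computed as `time() + $params['lifetime']`, and a lifetime of 0 means "until the browser closes" in `session_get_cookie_params()`, so with `system.session.timeout` set to 0 this call re-issues the session cookie with an expiry of now and the browser drops it. The provider defaults the timeout to 1800, so this only bites on a non-default configuration. Passing `$params['lifetime'] ? time() + $params['lifetime'] : 0` as the third argument keeps session-cookie semantics. In `invalidate()` the `time() - 42000` offset would be easier to read with a short comment saying that any past timestamp works and the value is arbitrary. Both functions extend beyond the hunks shown.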
|
||||
|
|
|
|||