Updated Cookies Attributes

* Set explicitly Cookie SameSite * Updated security policies for cookies Change-Id: Iaf23a0fcb599753c778108e29e03c8dcd573a4dc
2020-02-14 23:58:55 -03:00 · 2020-02-14 23:58:55 -03:00 · 9090f8c404
commit 9090f8c404
parent 87a701c098
3 changed files with 12 additions and 7 deletions
--- a/app/Services/OAuth2/PrincipalService.php
+++ b/app/Services/OAuth2/PrincipalService.php
@ -51,7 +51,8 @@ final class PrincipalService implements IPrincipalService
                $domain = Config::get("session.domain"),
                $secure = true,
                $httpOnly = false,
-                $sameSite = 'None'
+                $raw = false,
+                $sameSite = 'none'
            );
        }
        $principal->setState
@ -110,7 +111,8 @@ final class PrincipalService implements IPrincipalService
            $domain = Config::get("session.domain"),
            $secure = true,
            $httpOnly = false,
-            $sameSite = 'None'
+            $raw = false,
+            $sameSite = 'none'
        );
        Log::debug(sprintf("PrincipalService::register op_browser_state %s", $op_browser_state));
        Session::put(self::OPBrowserState, $op_browser_state);
@ -136,7 +138,8 @@ final class PrincipalService implements IPrincipalService
            $domain = Config::get("session.domain"),
            $secure = true,
            $httpOnly = false,
-            $sameSite = 'None'
+            $raw = false,
+            $sameSite = 'none'
        );
    }

--- a/app/libs/Auth/AuthService.php
+++ b/app/libs/Auth/AuthService.php
@ -130,7 +130,8 @@ final class AuthService implements IAuthService
            $domain = Config::get("session.domain"),
            $secure = true,
            $httpOnly = true,
-            $sameSite = 'None'
+            $raw = false,
+            $sameSite = 'none'
        );
    }

@ -312,7 +313,8 @@ final class AuthService implements IAuthService
            $domain = Config::get("session.domain"),
            $secure = true,
            $httpOnly = true,
-            $sameSite = 'None'
+            $raw = false,
+            $sameSite = 'none'
        );
    }

--- a/config/session.php
+++ b/config/session.php
@ -148,7 +148,7 @@ return [
    |
    */

-    'secure' => env('SESSION_COOKIE_SECURE', false),
+    'secure' => true,

    /*
    |--------------------------------------------------------------------------
@ -176,6 +176,6 @@ return [
   |
   */

-    'same_site' => null,
+    'same_site' => 'none',

 ];