Merge pull request #1488 from mambax7/feature/Lax

change samesite to Lax

Author: mambax7

htdocs/class/logger/render.php

@@ -186,7 +186,7 @@ function xoLogCreateCookie(name,value,days)
             date.setTime(date.getTime()+(days*24*60*60*1000));
             var expires = "; expires="+date.toGMTString();
         } else var expires = "";
-        document.cookie = name+"="+value+expires+";path=/;samesite=strict;";
+        document.cookie = name+"="+value+expires+";path=/;samesite=Lax;";
     }
     function xoLogReadCookie(name)
     {

htdocs/include/xoopssetcookie.php

@@ -17,7 +17,7 @@
  * @author          Richard Griffith <[email protected]>
  *
  * This exists to bring samesite support to php versions before 7.3, and
- * it treats the default as samesite=strict
+ * it treats the default as samesite=Lax
  *
  * It supports both of the two declared signatures:
  * - setcookie ( string $name , string $value = "" , int $expires = 0 , string $path = "" , string $domain = "" , bool $secure = false , bool $httponly = false ) : bool
@@ -51,8 +51,8 @@ function xoops_setcookie()
         }
     }
 
-    // make samesite=strict the default
-    $args['options']['samesite'] ??= 'strict';
+    // make samesite=Lax the default
+    $args['options']['samesite'] ??= 'Lax';
     if (!isset($args['value'])){
         $args['value'] = '';
     }

htdocs/install/include/common.inc.php

@@ -57,7 +57,7 @@ function fatalPhpErrorHandler($e = null) {
     'domain'   => null,
     'secure'   => false,
     'httponly' => true,
-    'samesite' => 'strict',
+    'samesite' => 'Lax',
 ];
 // options for mainfile.php
 if (empty($xoopsOption['hascommon'])) {

htdocs/kernel/session.php

@@ -89,7 +89,7 @@ public function __construct(XoopsDatabase $db)
                 'domain'   => XOOPS_COOKIE_DOMAIN,
                 'secure'   => $secure,
                 'httponly' => true,
-                'samesite' => 'strict',
+                'samesite' => 'Lax',
             ];
             session_set_cookie_params($options);
         } else {

htdocs/modules/system/js/admin.js

@@ -244,7 +244,7 @@ function system_createCookie(name, value, days) {
         var expires = "; expires=" + date.toGMTString();
     }
     else var expires = "";
-    document.cookie = name + "=" + value + expires + ";path=/;samesite=strict;";
+    document.cookie = name + "=" + value + expires + ";path=/;samesite=Lax;";
 }
 function system_readCookie(name) {
     var nameEQ = name + "=";

htdocs/modules/system/themes/default/js/styleswitch.js

@@ -51,7 +51,7 @@ function createCookie(name,value,days)
         var expires = "; expires="+date.toGMTString();
     }
     else var expires = "";
-    document.cookie = name+"="+value+expires+";path=/;samesite=strict;";
+    document.cookie = name+"="+value+expires+";path=/;samesite=Lax;";
 }
 function readCookie(name)
 {

htdocs/modules/system/themes/transition/js/styleswitch.js

@@ -69,7 +69,7 @@ function createCookie(name,value,days)
         var expires = "; expires="+date.toGMTString();
     }
     else var expires = "";
-    document.cookie = name+"="+value+expires+";path=/;samesite=strict;";
+    document.cookie = name+"="+value+expires+";path=/;samesite=Lax;";
 }
 function readCookie(name)
 {

htdocs/themes/xswatch4/js/cookieconsent.min.js

@@ -89,7 +89,7 @@
             toolbar_cookie = 'off';
             xswatchToolbarIndOff();
         }
-        Cookies.set('xswatch-toolbar', toolbar_cookie, { expires: 365, sameSite: 'strict' });
+        Cookies.set('xswatch-toolbar', toolbar_cookie, { expires: 365, sameSite: 'Lax' });
     }
     // set initial conditions based on cookie
     var toolbar_cookie = Cookies.get('xswatch-toolbar');