bug #31475 [HttpFoundation] Allow set 'None' on samesite cookie flag …

…(markitosgv) This PR was merged into the 3.4 branch. Discussion ---------- [HttpFoundation] Allow set 'None' on samesite cookie flag Allow set samesite cookie flag to 'None' value | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #31467 | License | MIT Google introduces new Chrome policy, marking all none setted samesite flag to 'Strict' by default. If you want to allow third party cookies you must set samesite flag to None. This PR fixes #31467, allow to put samesite Cookie flag to None. Commits ------- 8bac3d6 Allow set 'None' on samesite cookie flag
symfony · May 11, 2019 · 11f8a1e · 11f8a1e
2 parents c717083 + 8bac3d6
commit 11f8a1e
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/Symfony/Component/HttpFoundation/Cookie.php b/src/Symfony/Component/HttpFoundation/Cookie.php
@@ -28,6 +28,7 @@ class Cookie
     private $raw;
     private $sameSite;
 
+    const SAMESITE_NONE = 'none';
     const SAMESITE_LAX = 'lax';
     const SAMESITE_STRICT = 'strict';
 
@@ -128,7 +129,7 @@ public function __construct($name, $value = null, $expire = 0, $path = '/', $dom
             $sameSite = strtolower($sameSite);
         }
 
-        if (!\in_array($sameSite, [self::SAMESITE_LAX, self::SAMESITE_STRICT, null], true)) {
+        if (!\in_array($sameSite, [self::SAMESITE_LAX, self::SAMESITE_STRICT, self::SAMESITE_NONE, null], true)) {
             throw new \InvalidArgumentException('The "sameSite" parameter value is not valid.');
         }