SameSite cookie option could not be set to "none" #33926

ihmels · 2019-10-09T09:57:25Z

Symfony version(s) affected: 4.3.*

Description
The PR #31475 allows to set the samesite cookie flag to "none", but it is not allowed in the framework.session.cookie_samesite or remember_me.samesite config.

How to reproduce

# framework.yml
framework:
    session:
        cookie_samesite: 'none'

# or packages/security.yml
security:
    firewalls:
        main:
            remember_me:
              samesite: 'none'

Additional context

The value "none" is not allowed for path "framework.session.cookie_samesite".
Permissible values: null, "lax", "strict"

The text was updated successfully, but these errors were encountered:

This PR was merged into the 4.3 branch. Discussion ---------- Allow to set SameSite config to 'none' | Q | A | ------------- | --- | Branch? | 4.3 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #33926 | License | MIT | Doc PR | - Commits ------- eec7e8c Allow to set cookie_samesite to 'none'

ihmels mentioned this issue Oct 9, 2019

Allow to set SameSite config to 'none' #33927

Merged

javiereguiluz added Bug FrameworkBundle SecurityBundle labels Oct 9, 2019

carsonbot added the Status: Needs Review label Oct 9, 2019

nicolas-grekas closed this as completed Oct 9, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SameSite cookie option could not be set to "none" #33926

SameSite cookie option could not be set to "none" #33926

ihmels commented Oct 9, 2019

SameSite cookie option could not be set to "none" #33926

SameSite cookie option could not be set to "none" #33926

Comments

ihmels commented Oct 9, 2019