Commit e6c4507c authored by catch's avatar catch

Revert "Issue #3150614 by pfrenssen, cilefen, murilohp, FinnishFlash, mpp, andypost, ranjith_kumar_k_u, vagelis-prokopiou, blazey, tsplash, Winn, alexpott, Berdir, mxr576: Set SameSite on session cookies"

This reverts commit a3bddae4.
parent bf064d28
......@@ -37,13 +37,6 @@ parameters:
# @default none
# cookie_domain: '.example.com'
#
# Set the SameSite cookie attribute: 'None', 'Lax', or 'Strict'. If set,
# this value will override the server value. See
# https://www.php.net/manual/en/session.security.ini.php for more
# information.
# @default no value
cookie_samesite: Lax
#
# Set the session ID string length. The length can be between 22 to 256. The
# PHP recommended value is 48. See
# https://www.php.net/manual/session.security.ini.php for more information.
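Review bot: dropping the whole `cookie_samesite` block (the explanatory comment together with the `cookie_samesite: Lax` line) leaves the scaffold with no trace that the option exists, while the neighbouring `cookie_domain` setting keeps a commented example (`# cookie_domain: '.example.com'` with `# @default none`). If the revert is about the shipped default rather than the option itself, keep the comment and change the last line to `# cookie_samesite: Lax` so the setting stays discoverable and the `@default no value` line remains accurate; with the block gone, new sites fall back to whatever `session.cookie_samesite` the PHP ini provides, and the commit message does not say why that is preferred.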
......
......@@ -1031,7 +1031,6 @@ safa
sameline
samename
sameorigin
samesite
sata
savepoints
sayre
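Review bot: removing `samesite` from the dictionary is only safe if no other occurrence of the word remains in the tree after the revert (the `cookie_samesite` key and the `php_session_samesite` requirement removed in the other hunks are the known users, but the session configuration class and any tests that still reference the key would re-trigger the spellcheck). Run the spellcheck as part of this revert rather than assuming the word is unused.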
......
......@@ -1309,28 +1309,6 @@ function system_requirements($phase) {
}
}
// Check if the SameSite cookie attribute is set to a valid value. Since this
// involves checking whether we are using a secure connection this only makes
// sense inside an HTTP request, not on the command line.
if ($phase === 'runtime' && PHP_SAPI !== 'cli') {
$samesite = ini_get('session.cookie_samesite') ?: t('Not set');
// Check if the SameSite attribute is set to a valid value. If it is set to
// 'None' the request needs to be done over HTTPS.
$valid = match ($samesite) {
'Lax', 'Strict' => TRUE,
'None' => $request_object->isSecure(),
default => FALSE,
};
$requirements['php_session_samesite'] = [
'title' => t('SameSite cookie attribute'),
'value' => $samesite,
'severity' => $valid ? REQUIREMENT_OK : REQUIREMENT_WARNING,
'description' => t('This attribute should be explicitly set to Lax, Strict or None. If set to None then the request must be made via HTTPS. See <a href=":url" target="_blank">PHP documentation</a>', [
':url' => 'https://www.php.net/manual/en/session.configuration.php#ini.session.cookie-samesite',
]),
];
}
// See if trusted hostnames have been configured, and warn the user if they
// are not set.
if ($phase == 'runtime') {
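Review bot: the removed `php_session_samesite` check is the only place that warned administrators when `session.cookie_samesite` is unset, or set to `None` while the request is not over HTTPS (the `'None' => $request_object->isSecure()` arm); it is read-only (`ini_get()` plus `isSecure()`) and does not depend on the `cookie_samesite: Lax` default being shipped. If the motivation for the revert is the default value rather than the status report, consider keeping this hunk so the warning survives. Two details worth noting for any reland: `ini_get(...) ?: t('Not set')` places a translatable object into the `match` subject, which works only because it falls through to `default => FALSE`, and the `match` expression itself requires PHP 8.0 or later.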
......
......@@ -116,17 +116,6 @@ public function testCookieSecure($uri, $expected_secure) {
$this->assertEquals($expected_secure, $options['cookie_secure']);
}
/**
* Test that session.cookie_samesite is configured correctly.
*/
public function testSameSiteCookie() {
$request = Request::create('https://example.com');
$config = $this->createSessionConfiguration(['cookie_samesite' => 'Strict']);
$options = $config->getOptions($request);
$this->assertEquals('Strict', $options['cookie_samesite']);
}
/**
* Tests that session.cookie_secure ini settings cannot be overridden.
*
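Review bot: removing `testSameSiteCookie()` is consistent only if `SessionConfiguration::getOptions()` no longer emits `cookie_samesite`; if the class still passes the key through from the `session.storage.options` parameters, the test should stay. For a future reland, note that the test covers `Strict` alone: it does not exercise the `None` value that the requirements check treats as invalid over plain HTTP, so a second case built on `Request::create('http://example.com')` with `cookie_samesite => 'None'` would tie the two hunks together.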
......
......@@ -37,13 +37,6 @@ parameters:
# @default none
# cookie_domain: '.example.com'
#
# Set the SameSite cookie attribute: 'None', 'Lax', or 'Strict'. If set,
# this value will override the server value. See
# https://www.php.net/manual/en/session.security.ini.php for more
# information.
# @default no value
cookie_samesite: Lax
#
# Set the session ID string length. The length can be between 22 to 256. The
# PHP recommended value is 48. See
# https://www.php.net/manual/session.security.ini.php for more information.
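Review bot: this hunk is byte-for-byte the same as the first `parameters:` hunk above, and no file header survived on this page to say which of the two copies of `default.services.yml` it belongs to. Confirm that both copies are intended to change in lockstep, and apply the same decision here as there (either drop the block in both, or keep a commented `# cookie_samesite: Lax` example in both) so the two files do not drift.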
......