From ca43d64e722f80ed91871c9ea31fbc7660aa9147 Mon Sep 17 00:00:00 2001 From: Hans Zandbelt Date: Mon, 3 Feb 2020 10:34:10 +0100 Subject: [PATCH 17/19] fix: also add SameSite=None to by-value session cookies bump to 2.4.2rc0 Signed-off-by: Hans Zandbelt (cherry picked from commit f6798246abc8fd8f865db313439882ac9f5771f3) --- ChangeLog | 4 ++++ src/session.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index b67f764..3db7110 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +02/03/2020 +- fix: also add SameSite=None to by-value session cookies +- bump to 2.4.2rc0 + 01/29/2020 - always add a SameSite value to the Set-Cookie header to satisfy upcoming Chrome/Firefox changes this can be overridden by using, e.g.: diff --git a/src/session.c b/src/session.c index cd9ccb8..e7194bd 100644 --- a/src/session.c +++ b/src/session.c @@ -249,7 +249,7 @@ static apr_byte_t oidc_session_save_cookie(request_rec *r, oidc_session_t *z, (first_time ? OIDC_COOKIE_EXT_SAME_SITE_LAX : OIDC_COOKIE_EXT_SAME_SITE_STRICT) : - NULL); + OIDC_COOKIE_EXT_SAME_SITE_NONE); return TRUE; } -- 2.26.2