Open clarkwinkelmann opened 3 years ago
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. We do this to keep the amount of open issues to a manageable minimum. In any case, thanks for taking an interest in this software and contributing by opening the issue in the first place!
Still interested to hear feedback from others on this.
There's still likely very few people who will be impacted by this. The only situation could be extensions that try to read/share the guest locale across domains or frontend/backend, or an extension that would add some sort of widgets in iframes and also be used in multi-lingual settings without being logged in.
If we moved the change language feature to an API/forum endpoint, we could use the CookieFactory on the PHP side and all of its benefits.
An endpoint to change the language would be the best approach imho
The locale cookie used for switching the language of guests uses different settings from the Flarum cookies, and cannot be customized via config.php like the other cookies.
The cookie is actually defined in the frontend https://github.com/flarum/core/blob/fa10d794a40c11d7eea321e1728879a80d397a57/js/src/forum/components/HeaderSecondary.js#L45
Meaning it's not following any of the default or custom rules used by CookieFactory https://github.com/flarum/core/blob/fa10d794a40c11d7eea321e1728879a80d397a57/src/Http/CookieFactory.php#L61-L66
In particular, neither name, path or domain can be customized by site owners. Since the cookie isn't even prefixed with flarum_, there's a higher chance of conflict with another software, or if two Flarum installations are present in different subfolders.
I'm not sure how/if we want to fix that. If we moved the change language feature to an API/forum endpoint, we could use the CookieFactory on the PHP side and all of its benefits.
It's probably not a big issue, considering the defaults are quite sensible and that it won't create any issue on the large majority of forums. I noticed this while working on a solution that would allow different features of Flarum to use different subdomains, and realized I couldn't customize the cookie to be present on the top level domain to apply globally. I also noticed it's not possible to customize the SameSite value, so maybe there's also an issue with switching language inside of an iframe?
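An added example, not part of the issue and not Flarum's code: a sketch of a guest-locale cookie built from site-level settings rather than fixed values, covering the name prefix, path, domain and SameSite points raised above. The option names (prefix, path, domain, secure, sameSite, maxAge) and the sample hosts are assumptions made for illustration.

```javascript
// Illustrative only: option names are assumptions, not Flarum's config keys.
function fullName(name, prefix) {
  return prefix ? `${prefix}_${name}` : name;
}

// Serialize a cookie string from configurable settings.
function buildCookie(name, value, opts = {}) {
  const { prefix = '', path = '/', domain, secure = false, sameSite = 'Lax', maxAge } = opts;
  const cookieName = fullName(name, prefix);
  // Deliberately strict subset of the characters allowed in a cookie name.
  if (!/^[A-Za-z0-9_-]+$/.test(cookieName)) throw new Error('invalid cookie name');
  const site = String(sameSite).toLowerCase();
  if (!['strict', 'lax', 'none'].includes(site)) throw new Error('invalid SameSite value');
  // A cookie that must be readable inside a cross-site iframe needs SameSite=None,
  // and current browsers reject SameSite=None unless Secure is also set.
  if (site === 'none' && !secure) throw new Error('SameSite=None requires Secure');
  const parts = [`${cookieName}=${encodeURIComponent(value)}`, `Path=${path}`];
  if (domain) parts.push(`Domain=${domain}`);
  if (Number.isInteger(maxAge)) parts.push(`Max-Age=${maxAge}`);
  if (secure) parts.push('Secure');
  parts.push(`SameSite=${site[0].toUpperCase()}${site.slice(1)}`);
  return parts.join('; ');
}

// A browser stores one cookie per (name, domain, path). Two installations that
// produce the same key overwrite each other's guest locale.
function cookieKey(name, opts = {}) {
  const { prefix = '', path = '/', domain = '' } = opts;
  return [domain, path, fullName(name, prefix)].join('|');
}

// Constructed sample settings for two installations in subfolders of one host.
const installA = { prefix: 'forum_a', path: '/a' };
const installB = { prefix: 'forum_b', path: '/b' };

// Fixed, unprefixed cookie: both installations end up sharing a single "locale" cookie.
console.log(cookieKey('locale') === cookieKey('locale')); // true
// Configured cookies are distinct.
console.log(cookieKey('locale', installA) === cookieKey('locale', installB)); // false
// Cookie shared across subdomains and usable inside a cross-site iframe.
console.log(buildCookie('locale', 'fr', {
  prefix: 'flarum', domain: 'example.test', secure: true, sameSite: 'None',
}));
```

In a browser the resulting string would be assigned to document.cookie; a server-side endpoint would send it as a Set-Cookie header.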