laminas / laminas-developer-tools

Module for developer and debug tools for use with laminas-mvc applications.
BSD 3-Clause "New" or "Revised" License

Toolbar hidden will soon not be remembered because of cookie settings #44

Open Koen1999 opened 2 years ago

Koen1999 commented 2 years ago

Bug Report

| Q          | A     |
|------------|-------|
| Version(s) | 2.4.0 |

Summary

Firefox warns about the laminas-hidden cookie. Specifically, it references the following documentation: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#samesitenone_requires_secure

The problem is that the cookie will be rejected by future browser versions.

Current behavior

laminas-hidden cookie is set with SameSite=None and without secure.

I believe the code responsible for this behaviour is located here: https://github.com/laminas/laminas-developer-tools/blob/2.4.x/view/laminas-developer-tools/toolbar/toolbar.js

How to reproduce

Enable the laminas-developer-tools toolbar. Visit your website. Observe the console output of your browser.

Expected behavior

No warnings should be thrown.

Since not all websites under development are served over a secure connection, I propose setting SameSite=Lax.
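
The SameSite/Secure rule from the linked MDN page and the SameSite=Lax proposal, as an added example that is not part of the original report and not the project's own toolbar.js code. The function names, the 1/0 cookie value and the Path=/ attribute are assumptions; only the cookie name laminas-hidden comes from the report.

```javascript
// Added example; not code from laminas-developer-tools.

// Split a cookie string ("name=value; Attr; Attr=val") into its parts.
function parseCookie(cookieString) {
  const [pair = '', ...attrs] = cookieString.split(';').map((s) => s.trim()).filter(Boolean);
  const eq = pair.indexOf('=');
  const parsed = {
    name: eq === -1 ? pair : pair.slice(0, eq),
    value: eq === -1 ? '' : pair.slice(eq + 1),
    attributes: {},
  };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    parsed.attributes[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return parsed;
}

// Classify the SameSite/Secure combination:
//   'reject'      SameSite=None without Secure (the case in the report)
//   'ok'          Lax, Strict, or None together with Secure
//   'unspecified' SameSite missing or unrecognised; the browser default applies
function auditSameSite(cookieString) {
  const { name, attributes } = parseCookie(cookieString);
  const sameSite =
    typeof attributes.samesite === 'string' ? attributes.samesite.toLowerCase() : '';
  const secure = 'secure' in attributes;
  if (sameSite === 'none') return { name, verdict: secure ? 'ok' : 'reject' };
  if (sameSite === 'lax' || sameSite === 'strict') return { name, verdict: 'ok' };
  return { name, verdict: 'unspecified' };
}

// Build the string to assign to document.cookie for the hidden flag.
// SameSite=Lax is valid over plain HTTP; Secure is added only on HTTPS,
// so development sites without TLS keep working.
// Value encoding (1/0) and Path=/ are assumptions for this example.
function buildHiddenCookie(hidden, protocol) {
  const parts = [`laminas-hidden=${hidden ? 1 : 0}`, 'Path=/', 'SameSite=Lax'];
  if (protocol === 'https:') parts.push('Secure');
  return parts.join('; ');
}

// Browser usage: document.cookie = buildHiddenCookie(true, window.location.protocol);
```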