Module for developer and debug tools for use with laminas-mvc applications.
BSD 3-Clause "New" or "Revised" License
23
stars
13
forks
source link
Toolbar hidden will soon not be remembered because of cookie settings #44
Open
Koen1999 opened 2 years ago
Bug Report
Summary
Firefox warns about the
laminas-hidden
cookie. In specific, it references the following documentation: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#samesitenone_requires_secureThe problem is that the cookie will be rejected by future browser versions.
Current behavior
laminas-hidden
cookie is set withSameSite=None
and withoutsecure
.I believe the code responsible for this behaviour is located here: https://github.com/laminas/laminas-developer-tools/blob/2.4.x/view/laminas-developer-tools/toolbar/toolbar.js
How to reproduce
Enable the laminas-developer-tools toolbar. Visit your website. Observe the console output of your browser.
Expected behavior
No warnings should be thrown.
Since not all websites under development are served over a secure connection, I propose setting
SameSite=Lax
.