whitecube / laravel-cookie-consent

Register, configure and ask for cookies consent in a EU-compliant way
MIT License

Consent Cookie Always Secure #12

Closed atoff closed 10 months ago

atoff commented 1 year ago

Hi - love this package by the way!

When recently testing my app locally using a non-secure localhost alias (e.g. http://myapp.test) I encountered a problem whereby consenting doesn't result in a cookie being set.

I believe this to be due to the consent cookie being forced to be secure: true. This works fine in production, and it appears browsers allow it in localhost, but when using an alias through altering the hosts file etc, every time my page reloads it pops up as the consent cookie doesn't get set. Additionally, I think if people want their site to operate over http for some reason, then this currently wouldn't work for them either.

I see two possible solutions: respecting config('session.secure') (I think this should just require removing the explicit secure: true here as the CookieJar will use this setting by default), or setting secure: false when the environment is local (or not production).

toonvandenbos commented 10 months ago

Hi @atoff,

Thanks for this thorough analysis & solution, which has been implemented by @jornatf in #21 and will be released shortly. It is the environment (local/not production) approach that has been chosen; I'm still a little conflicted, but I think this is a good solution for now.
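
The behaviour discussed in this thread, as an added example that is not part of the thread or of the package's code: plain PHP (no Laravel needed) comparing the forced `secure: true` flag with the two proposed fixes. The function names, the constructed scenarios and the simplified browser rule (a Secure cookie is stored only over https or from http://localhost, as observed in the thread) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Option 1 from the thread: follow the session.secure config value.
// Assumption: an unset (null) value falls back to the request scheme.
function secureFromSessionConfig(?bool $sessionSecure, bool $requestIsHttps): bool
{
    return $sessionSecure ?? $requestIsHttps;
}

// Option 2 from the thread: drop the Secure flag only in listed environments.
// Assumption: only "local" is listed; the thread also mentions "not production".
function secureFromEnvironment(string $environment, array $insecureEnvs = ['local']): bool
{
    return !in_array($environment, $insecureEnvs, true);
}

// Simplified browser model (assumption): a Secure cookie is kept only when the
// page came over https, or over http from localhost.
function browserStoresCookie(string $url, bool $secureFlag): bool
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    $host = parse_url($url, PHP_URL_HOST);
    if (!$secureFlag || $scheme === 'https') {
        return true;
    }
    return in_array($host, ['localhost', '127.0.0.1'], true);
}

// Constructed scenarios: [label, URL, environment name, session.secure value]
$scenarios = [
    ['hosts-file alias', 'http://myapp.test', 'local', null],
    ['localhost', 'http://localhost', 'local', null],
    ['production', 'https://example.com', 'production', true],
    ['staging over http', 'http://staging.example.com', 'staging', null],
];

foreach ($scenarios as [$label, $url, $env, $sessionSecure]) {
    $https = parse_url($url, PHP_URL_SCHEME) === 'https';
    $policies = [
        'forced secure' => true,
        'session.secure' => secureFromSessionConfig($sessionSecure, $https),
        'environment' => secureFromEnvironment($env),
    ];
    foreach ($policies as $name => $secure) {
        printf("%-18s %-15s Secure=%-5s stored=%s\n", $label, $name,
            var_export($secure, true), var_export(browserStoresCookie($url, $secure), true));
    }
}
```

In the "staging over http" row the environment policy still sets Secure and the cookie is dropped, while the other rows show that neither fix removes the Secure flag from the https production cookie.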