TPS/birzha
TPS
/
birzha
5
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add Same-Site Cookie configuration option (#3688) 

Adds the session.same_site config key in the default session.php config file from Laravel. Credit to @nathan-van-der-werf & @Teranode
This commit is contained in:
Nathan van der Werf 2018-08-16 19:44:18 +02:00 committed by Luke Towers
parent bf0f1faa4f
commit 80942fa2d7
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
config/session.php
View File

@ -150,4 +150,23 @@ return [
'secure' => false,
/*
|--------------------------------------------------------------------------
| Same-Site Cookies
|--------------------------------------------------------------------------
|
| This option determines how your cookies behave when cross-site requests
| take place, and can be used to mitigate CSRF attacks. By default, we
| do not enable this as other CSRF protection services are in place.
|
| In the strict mode, the cookie is not sent with any cross-site usage
| even if the user follows a link to another website. Lax cookies are
| only sent with a top-level get request.
|
| Supported: "lax", "strict"
|
*/
'same_site' => null,
];