Vulnerability mitigation - revert secure cookies by default

2021-06-01 10:52:51 -04:00
parent 0a39b60eee
commit c2fb21c570
19 changed files with 106 additions and 99 deletions
--- a/src/Misc/Csrf.php
+++ b/src/Misc/Csrf.php
@@ -19,9 +19,9 @@ class Csrf

                setcookie ( self::makeCookieName($page), $token->cookietoken, [
                    'expires' => $token->expiry,
-                    'secure' => true,
-                    'httponly' => true,
-                    'samesite' => 'Strict',
+                    'secure' => false,
+                    'httponly' => false,
+                    'samesite' => 'Lax',
                ]);

 		return $_SESSION['csrftokens'][$page] = $token;