Make i18n_redirect cookie security configurable

Question

Make i18n_redirect cookie security configurable

tomhatzer opened this issue 3 years ago · comments

Q	A
Bug report?	no
Feature request?	yes
BC Break report?	no
RFC?	no

Hey there! 👋

Currently the i18n_redirect cookie is stored without secure flag, but with HttpOnly using the Symfony Cookie class. Would it be possible to make this configurable so setting the SameSite flag and the secure flag by a config value?

If so, would you be ok with accepting a PR that adds this functionality? I'd create 2 PRs then, one for 3.x and one for 4.x.

Thank you very much!

Best wishes
Tom

Stefan Hagspiel · Answer 1 · Wed Dec 08 2021 02:49:44 GMT+0800 (China Standard Time)

Hey @tomhatzer, yes these are the defaults. I remember that i tried to change that but then I think you need to change the whole framework.session.cookie_samesite to lax but I'm not sure anymore... 🤔

However, providing a configurable cookie is a good idea - so go ahead!

Thank you!

Tom Hatzer · Answer 2 · Sat Dec 18 2021 03:47:19 GMT+0800 (China Standard Time)

Hey @solverat, I've created the 2 PRs.

I didn't add the config options to the i18n.redirector.cookie configuration as I wasn't sure if it would be correct in there as the helper class is available for everything else too and maybe there will be additions in the future that could also profit from custom settings.

Please feel free to comment and discuss. 🥳

Thank you very much and have a great weekend! 👋

Best wishes
Tom

Stefan Hagspiel · Answer 3 · Mon Jan 03 2022 16:39:19 GMT+0800 (China Standard Time)

@tomhatzer released in 3.2.9 and 4.0.3. Thank you!