Make i18n_redirect cookie security configurable
tomhatzer opened this issue Β· comments
Q | A |
---|---|
Bug report? | no |
Feature request? | yes |
BC Break report? | no |
RFC? | no |
Hey there! π
Currently the i18n_redirect
cookie is stored without secure
flag, but with HttpOnly using the Symfony Cookie class. Would it be possible to make this configurable so setting the SameSite
flag and the secure
flag by a config value?
If so, would you be ok with accepting a PR that adds this functionality? I'd create 2 PRs then, one for 3.x and one for 4.x.
Thank you very much!
Best wishes
Tom
Hey @tomhatzer, yes these are the defaults. I remember that i tried to change that but then I think you need to change the whole framework.session.cookie_samesite
to lax
but I'm not sure anymore... π€
However, providing a configurable cookie is a good idea - so go ahead!
Thank you!
Hey @solverat, I've created the 2 PRs.
I didn't add the config options to the i18n.redirector.cookie
configuration as I wasn't sure if it would be correct in there as the helper class is available for everything else too and maybe there will be additions in the future that could also profit from custom settings.
Please feel free to comment and discuss. π₯³
Thank you very much and have a great weekend! π
Best wishes
Tom
@tomhatzer released in 3.2.9 and 4.0.3. Thank you!