Cookie sameSite attribute
knutov opened this issue · 0 comments
knutov commented
Cookie “dancer.session” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
I found the problem can be solved this way:

- `PERL_CPANM_OPT=" --notest " cpanm Dancer@1.3514_03`
- add `session_same_site: Strict` to config.yml
- Download to the local folder and edit Dancer::Session::Cookie.pm:

```perl
sub _cookie_params {
    my $self     = shift;
    my $name     = $self->session_name;
    my $duration = $self->_session_expires_as_duration;
    my %cookie   = (
        name      => $name,
        value     => $self->_cookie_value,
        path      => setting('session_cookie_path') || '/',
        domain    => setting('session_domain'),
        secure    => setting('session_secure'),
        http_only => setting("session_is_http_only") // 1,    # <- changed
        same_site => setting("session_same_site"),            # <- changed
    );
    if ( defined $duration ) {
        $cookie{expires} = time + $duration;
    }
    return %cookie;
}
```
Would you please make a new release with these changes, if they are OK?
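An added example, not part of the original issue or of Dancer's code: a stand-alone Python check that applies the condition from the browser warning above to raw `Set-Cookie` header values, and also reports the `HttpOnly` flag that the modified `_cookie_params` makes configurable. The function names, sample headers and cookie value are constructed for illustration.

```python
# Added example: audit Set-Cookie header values for SameSite / Secure / HttpOnly.
VALID_SAMESITE = {"strict", "lax", "none"}


def parse_set_cookie(header):
    """Return (cookie_name, attrs) with attribute names lowercased."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookie(header):
    """Return (cookie_name, findings) for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(header)
    findings = []
    same_site = attrs.get("samesite")
    if same_site is None:
        findings.append("SameSite not set")
    elif same_site.lower() not in VALID_SAMESITE:
        findings.append("SameSite has an invalid value")
    elif same_site.lower() == "none" and "secure" not in attrs:
        # The combination named in the browser warning quoted in the issue.
        findings.append("SameSite=None without Secure")
    if "httponly" not in attrs:
        findings.append("HttpOnly not set")
    return name, findings


# Constructed sample headers (not captured from a real application).
SAMPLES = [
    "dancer.session=abc123; path=/; HttpOnly",
    "dancer.session=abc123; path=/; HttpOnly; SameSite=None",
    "dancer.session=abc123; path=/; SameSite=Strict",
    "dancer.session=abc123; path=/; HttpOnly; Secure; SameSite=Strict",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        name, findings = audit_cookie(sample)
        print(name, "->", findings or "ok")
```

Feeding it the `Set-Cookie` values from a response before and after setting `session_same_site` and `session_secure` shows whether the configuration actually reached the header.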