diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2020-03-18 16:00:23 +0100 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-03-18 16:00:23 +0100 |
commit | f768a5563f0f395b7e949d5f896a6bbae97f76c7 (patch) | |
tree | 4b48cc09cd09ec5cb01278148f80bd64b291421e /php.ini-production | |
parent | 12cdab2d76d5c98fb2e5a9f1d07a20328f1efac7 (diff) | |
parent | 10bf541fd9eb7b42503459065a0474b6f0e37a7b (diff) | |
download | php-git-f768a5563f0f395b7e949d5f896a6bbae97f76c7.tar.gz |
Merge branch 'PHP-7.4'
* PHP-7.4:
Clarify session.cookie_samesite="None"
Diffstat (limited to 'php.ini-production')
-rw-r--r-- | php.ini-production | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/php.ini-production b/php.ini-production index 940e4d7527..fd9cffa639 100644 --- a/php.ini-production +++ b/php.ini-production @@ -1378,7 +1378,8 @@ session.cookie_domain = session.cookie_httponly = ; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) -; Current valid values are "Lax" or "Strict" +; Current valid values are "Strict", "Lax" or "None". When using "None", +; make sure to include the quotes, as `none` is interpreted like `false` in ini files. ; https://tools.ietf.org/html/draft-west-first-party-cookies-07 session.cookie_samesite = |