From 08b9310e6d8fc83e785213aab95afbec4d248c0f Mon Sep 17 00:00:00 2001
From: Frederik Bosch
Date: Fri, 7 Jul 2017 19:06:53 +0200
Subject: implement same site cookie see https://bugs.php.net/bug.php?id=72230 see https://tools.ietf.org/html/draft-west-first-party-cookies-07 see https://scotthelme.co.uk/csrf-is-dead/
---
 php.ini-development | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'php.ini-development')
diff --git a/php.ini-development b/php.ini-development
index af2cf1092f..9edeb0780a 100644
--- a/php.ini-development
+++ b/php.ini-development
@@ -1390,6 +1390,11 @@ session.cookie_domain =
 ; http://php.net/session.cookie-httponly
 session.cookie_httponly =
 
+; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
+; Current valid values are "Lax" or "Strict"
+; https://tools.ietf.org/html/draft-west-first-party-cookies-07
+session.cookie_samesite =
+
 ; Handler used to serialize data. php is the standard serializer of PHP.
 ; http://php.net/session.serialize-handler
 session.serialize_handler = php
--
cgit v1.2.1
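Review bot: The comment block added above `session.cookie_samesite =` does not say what the empty default means; presumably no SameSite attribute is sent on the session cookie, so a stock install gets no protection from this setting until an administrator picks a value. I would add a line such as `; Leave empty to send no SameSite attribute (default).` so the default is explicit. The comment should also make clear that the attribute is defence in depth: browsers that do not implement the draft ignore it, and "Lax" still sends the cookie on top-level cross-site GET navigations, so CSRF tokens remain necessary for state-changing requests. This view is limited to php.ini-development, so whether php.ini-production receives the same block cannot be confirmed from here.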