fullfatthings/samesiteexceptions

provide exceptions to the same site flag depending on browser strings

Maintainers

Details

github.com/fullfatthings/samesiteexceptions

Source

Issues

Installs: 24 122

Dependents: 0

Suggesters: 0

Security: 0

Stars: 2

Watchers: 3

Forks: 2

Open Issues: 0

v1.0.3 2021-01-28 17:41 UTC

Requires

  • php: >=5.3

Requires (Dev)

Apache-2.0 68034530d820ddc2c90b9dc9828ddc07734adb34

  • Jeremy French <jeremy.woop@fullfatthings.com>

This package is auto-updated.

Last update: 2025-04-29 01:02:01 UTC

README

PHP Tests codecov

This is a light weight library you can include if you need to set samesite cookies but also need to account for older browsers that have issues with accepting them.

There is currently a backwards compatible breaking change in the way Chrome 70+ handles cookies, this means that you have to set SameSite=None as a cookie header for some cross site cookies to work in Chrome, but some older browsers will reject this cookie and fail to work. This library will set an appropriate SameSite header for the current user agent.

It is a PHP version of the pseudocode outlined here

Usage

To include this in in your application type composer require fullfatthings/samesiteexceptions

Then when you are setting a cookie with a same site value use

$safe_value = \FullFatThings\SameSiteException\SameSiteException::getSafeString($same_site_value);

If the safe value returned is null you should not add a samesite value (even blank) to the cookie you are setting.