X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits%2FCatalyst-Plugin-Session-State-Cookie.git;a=blobdiff_plain;f=lib%2FCatalyst%2FPlugin%2FSession%2FState%2FCookie.pm;h=a55bdfded18364a04e4cad4ef38db2e047e61055;hp=2e7a2a13eb52508133d875de96be9b84c71c0030;hb=28b6b575312cf0cb2ef57823028796aa050ec38a;hpb=58b695072bcbcc0346af9406216c19c761326da8 diff --git a/lib/Catalyst/Plugin/Session/State/Cookie.pm b/lib/Catalyst/Plugin/Session/State/Cookie.pm index 2e7a2a1..a55bdfd 100644 --- a/lib/Catalyst/Plugin/Session/State/Cookie.pm +++ b/lib/Catalyst/Plugin/Session/State/Cookie.pm @@ -7,7 +7,8 @@ extends 'Catalyst::Plugin::Session::State'; use MRO::Compat; use Catalyst::Utils (); -our $VERSION = "0.17"; +our $VERSION = '0.17'; +$VERSION =~ tr/_//d; has _deleted_session_id => ( is => 'rw' ); @@ -81,6 +82,10 @@ sub make_session_cookie { $cookie->{httponly} = 1 unless defined $cookie->{httponly}; # default = 1 (set httponly) + $cookie->{samesite} = $cfg->{cookie_samesite}; + $cookie->{samesite} = "Lax" + unless defined $cookie->{ samesite}; # default = Lax + return $cookie; } @@ -255,6 +260,26 @@ that this cookie works only over HTTP and not over HTTPS. Note2: This parameter requires Catalyst::Runtime 5.80005 otherwise is skipped. +=item cookie_samesite + +This attribute configures the value of the +L +flag. + +If set to None, the cookie will be sent when making cross origin requests, +including following links from other origins. This requires the +L flag to be set. + +If set to Lax, the cookie will not be included when embedded in or fetched from +other origins, but will be included when following cross origin links. + +If set to Strict, the cookie will not be included for any cross origin requests, +including links from different origins. + +Default value is C. This is the default modern browsers use. + +Note: This parameter requires Catalyst::Runtime 5.90125 otherwise is skipped. + =item cookie_path The path of the request url where cookie should be baked.
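Review bot: In the `make_session_cookie` hunk, `$cfg->{cookie_samesite}` is copied into `$cookie->{samesite}` with no check, so a misspelt value, or `None` on a cookie without the secure flag, is emitted as-is. The POD added in the last hunk says None requires the secure flag, and browsers that enforce that rule drop such a cookie, which would show up as sessions that never stick. After the default is applied I would fail safe with `$cookie->{samesite} = 'Lax' unless $cookie->{samesite} =~ /\A(?:Strict|Lax|None)\z/;` and emit a warning when the value is `None` while `$cookie->{secure}` is not set. Whether `secure` is already populated at that point cannot be seen here, because the function starts above the hunk. The stray space in `$cookie->{ samesite}` should also go.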