config:samesitecookie
Configuration Setting: samesitecookie
This configures the samesite cookie attribute of cookies set by DokuWiki.
- Type: String
- Default: Lax
Quoting MDN:
With Strict, the browser only sends the cookie with requests from the cookie's origin site.
Lax is similar, except the browser also sends the cookie when the user navigates to the cookie's origin site (even if the user is coming from a different site). For example, by following a link from an external site.
None specifies that cookies are sent on both originating and cross-site requests, but only in secure contexts (i.e., if SameSite=None then the Secure attribute must also be set). If no SameSite attribute is set, the cookie is treated as Lax.
Please note that leaving the attribute empty might differ slightly from Lax depending on browser implementation details.
Quoting Michitux on the pull request implementing this feature:
Chrome's SameSite=Lax by default behavior sends cookies that are less than two minutes old in top-level cross-origin POST requests. According to SameSite Updates, this should be temporary but I couldn't find any information about this actually being phased out.
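The rules quoted above, written as a small Python model of when a browser attaches a cookie to a request. This is an added example, not DokuWiki or browser code. The function names, the sample Set-Cookie strings and the reduction of a request to four properties are assumptions made for illustration, and HTTPS is assumed throughout.

```python
from datetime import timedelta

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
LAX_POST_WINDOW = timedelta(minutes=2)  # Chrome exception quoted above


def parse_samesite(set_cookie):
    """Return (samesite, secure) for one Set-Cookie value.

    samesite is "Strict", "Lax", "None", or None when absent or unrecognised.
    """
    samesite, secure = None, False
    for attr in set_cookie.split(";")[1:]:  # skip the name=value pair
        name, _, value = attr.strip().partition("=")
        if name.lower() == "samesite":
            value = value.strip().capitalize()
            samesite = value if value in ("Strict", "Lax", "None") else None
        elif name.lower() == "secure":
            secure = True
    return samesite, secure


def would_send(set_cookie, cross_site, top_level_nav, method="GET",
               age=timedelta(hours=1)):
    """Simplified model: does the browser attach this cookie to the request?"""
    samesite, secure = parse_samesite(set_cookie)
    if samesite == "None" and not secure:
        return False  # SameSite=None requires Secure (see the MDN text)
    if not cross_site or samesite == "None":
        return True
    if samesite == "Strict":
        return False
    # Lax, explicit or by default: only top-level navigations with safe methods
    if top_level_nav and method in SAFE_METHODS:
        return True
    # Attribute left empty: Chrome also allows young cookies on top-level POST
    return (samesite is None and top_level_nav and method == "POST"
            and age < LAX_POST_WINDOW)


# Constructed sample headers (cookie name and value are placeholders)
LAX = "DW_EXAMPLE=abc; path=/; HttpOnly; SameSite=Lax"
EMPTY = "DW_EXAMPLE=abc; path=/; HttpOnly"
STRICT = "DW_EXAMPLE=abc; path=/; HttpOnly; SameSite=Strict"
NONE_INSECURE = "DW_EXAMPLE=abc; path=/; SameSite=None"
```

Comparing `would_send(LAX, True, True, "POST")` with the same call on `EMPTY` and a cookie age under two minutes shows the one case in this model where an explicit Lax and an empty attribute differ.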
config/samesitecookie.txt · Last modified: 2024-02-06 14:08 by andi