Description:
Google introduces a new Chrome policy, treating all cookies without a SameSite flag as 'strict' by default. If you want to allow third-party cookies you must set the SameSite flag to 'none'.
For cookie-related logic Laravel uses symfony/http-foundation, and they have already released support for it. There is no mention of it in the Laravel configuration, but config/session.php says that only 'strict' and 'lax' are supported, whereas we need 'none'.
Symfony Ticket: symfony/symfony#31475
Can we set it to 'none' regardless, or if not possible, when is this expected to be possible? This problem has been known for a while, and it is only a few days until Chrome enforces it.
Hey there,
Unfortunately we don't support this version anymore. Please check out our support policy on which versions we are currently supporting. Can you please try to upgrade to the latest version and see if your problem persists? We'll help you out and re-open this issue if so.
Thanks!
Fortunately, I found out that setting this setting to none is perfectly valid.
Your issue is resolved? With which version?
Had the same problem. Change the following lines to:
'secure' => env('SESSION_SECURE_COOKIE', true),
'same_site' => 'none',
in config/session.php
If you change same_site to something other than null I'd definitely advise testing your work in Safari 12.x if that's relevant to you, as it has a related bug on both macOS and iOS (See https://github.com/Fyrd/caniuse/issues/4813).
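An added example (not code from this thread or from Laravel): a small Python check over Set-Cookie header values that verifies the pairing shown in the config change above, SameSite=None together with Secure, which Chrome requires before it accepts a SameSite=None cookie. The sample headers, function names and finding codes are constructed for illustration.

```python
# Audit Set-Cookie header values for the SameSite / Secure combination.
VALID_SAMESITE = {"strict", "lax", "none"}

def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()  # flags get an empty value
    return name, attrs

def audit(header):
    """Return (cookie name, list of finding codes) for one Set-Cookie value."""
    name, attrs = parse_set_cookie(header)
    findings = []
    same_site = attrs.get("samesite")
    if same_site is None:
        # No attribute at all: the browser's default policy decides.
        findings.append("SAMESITE_MISSING")
    elif same_site.lower() not in VALID_SAMESITE:
        findings.append("SAMESITE_INVALID")
    elif same_site.lower() == "none" and "secure" not in attrs:
        # Chrome rejects SameSite=None cookies that are not marked Secure.
        findings.append("NONE_WITHOUT_SECURE")
    return name, findings

# Constructed sample headers (not captured from a real application).
SAMPLES = [
    "laravel_session=abc123; expires=Thu, 01 Jan 2026 00:00:00 GMT; "
    "Max-Age=7200; path=/; secure; httponly; samesite=none",
    "laravel_session=abc123; path=/; httponly; samesite=none",
    "XSRF-TOKEN=def456; path=/",
    "prefs=dark; path=/; SameSite=Relaxed",
]

if __name__ == "__main__":
    for header in SAMPLES:
        name, findings = audit(header)
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

Feed it the Set-Cookie values from a response of the application after changing config/session.php; the second sample is what results if 'same_site' is set to 'none' while 'secure' stays false.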