Prestashop: CORS issue on BO 1.7.7, cookie for prestashop.com

Created on 10 Aug 2020 · 8 Comments · Source: PrestaShop/PrestaShop

Describe the bug

It seems a Cookie is set for prestashop.com inside the BO. It is not properly configured so Chrome blocks it (CORS issue). Moreover... why is there a cookie for prestashop.com there? 😅

Expected behavior

Open dashboard, see no warnings inside Console.

Steps to Reproduce

Steps to reproduce the behavior:

  1. Go to Dashboard with Chrome, open console
  2. Refresh page
  3. See error (see screenshot)

Screenshots

Capture d’écran 2020-08-10 à 18 25 59

Additional information

  • PrestaShop version: 1.7.7.x
1.7.6.7 1.7.7.x BO Bug Dashboard To Do Trivial

All 8 comments

Thanks for opening this issue! We will help you to keep its state consistent

Hello @matks ,

I was able to reproduce the issue with PrestaShop version 1.7.7.x & 1.7.6.7

Hi, this issue is affecting many customers with local payment methods, as the credit card processor returns a non-valid error.

We have tried a workaround before redirecting to the card processor:

<script type="text/javascript"> document.cookie = 'SameSite=None; Secure'; </script>

But it does not work, as there are 3 cookies and no name is given to set SameSite to None.

Please can you help us with the name of the cookie that this policy has to be applied to? Thank you

Hi everyone, I am sharing some research from the last couple of days:

This issue is affecting all PS installations WW. This is because, on the new Chrome V80, if a cookie does not have the samesite attribute set, it places it as Lax.

The main issue on PS is that on line 379 of the class Cookie.php:

return setcookie($this->_name, $content, $time, $this->_path, $this->_domain, $this->_secure, true);

you cannot add the attribute samesite=none, as it is not supported by PHP <7.2; it has been added from >7.3

I have tried to set the attribute using JS, but I did not find a way to get the actual cookie name key and value to set the attribute samesite on the existing cookie created by the Cookie class.

The ways that I found so far to solve the issue are:

  1. by adding code to the .htaccess:

<If "%{HTTP_USER_AGENT} !~ /(iPhone; CPU iPhone OS 1[0-2]|iPad; CPU OS 1[0-2]|iPod touch; CPU iPhone OS 1[0-2]|Macintosh; Intel Mac OS X.*Version\x2F1[0-2].*Safari|Macintosh;.*Mac OS X 10_14.* AppleWebKit.*Version\x2F1[0-3].*Safari)/i">
    Header edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure
</If>

  2. adding code to the server configuration:
    https://stackoverflow.com/questions/1617157/how-to-get-the-first-item-from-an-associative-php-array

The problem with these workarounds is that they set all cookies with samesite=none.

If you find any other way to solve this, please let me know!

Sorry, I missed this:
I found this post that allows adding the samesite attribute using any PHP version, but I did not find the way to make it work
https://github.com/ovunctukenmez/SameSiteCookieSetter

You'll be interested in https://github.com/PrestaShop/PrestaShop/pull/20601 I think

Hi Matks, thank you for your help, it solves the issue!

You'll be interested in #20601 I think

Hi Matks, if we apply this to Cookie.php the back office does not open, any idea?

```php
if (Configuration::get('PS_SSL_ENABLED') == 0){
    return setcookie($this->_name, $content, $time, $this->_path, $this->_domain, $this->_secure, true);
}else{
    if (PHP_VERSION_ID < 70300) {
        return setcookie(
            $this->_name,
            $content,
            $time,
            $this->_path,
            $this->_domain . '; SameSite= None',
            $this->_secure,
            true
        );
    }
    return setcookie(
        $this->_name,
        $content,
        [
            'expires' => $time,
            'path' => $this->_path,
            'domain' => $this->_domain,
            'secure' => $this->_secure,
            'httponly' => true,
            'samesite' => 'None',
        ]
    );
```
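
An added example (not PrestaShop's code and not the change in #20601): one way to emit a SameSite attribute on any PHP version is to build the Set-Cookie header line directly, giving SameSite=None only to an allowlist of cookie names rather than to every cookie as the .htaccess workaround above does. The function names, cookie names and domain are hypothetical; the User-Agent pattern is the one from the .htaccess rule quoted in the thread.

```php
<?php
// Added example, not PrestaShop code. Function and cookie names are hypothetical.
// User-Agent pattern copied from the .htaccess rule quoted on this page; clients
// matching it mishandle SameSite=None, so the attribute is omitted for them.
const SAMESITE_SKIP_UA = '/(iPhone; CPU iPhone OS 1[0-2]|iPad; CPU OS 1[0-2]|iPod touch; CPU iPhone OS 1[0-2]|Macintosh; Intel Mac OS X.*Version\x2F1[0-2].*Safari|Macintosh;.*Mac OS X 10_14.* AppleWebKit.*Version\x2F1[0-3].*Safari)/i';

// Build a Set-Cookie header line with an explicit SameSite attribute.
function build_set_cookie_header($name, $value, $expires, $path, $domain, $secure, $sameSite, $userAgent = '')
{
    if ($name === '' || preg_match('/[=,;\s]/', $name) || preg_match('/[,;\s]/', $path . $domain)) {
        throw new InvalidArgumentException('Invalid cookie name, path or domain');
    }
    if (!in_array($sameSite, ['Strict', 'Lax', 'None'], true)) {
        throw new InvalidArgumentException('SameSite must be Strict, Lax or None');
    }
    if ($sameSite === 'None' && !$secure) {
        throw new InvalidArgumentException('Chrome 80+ rejects SameSite=None without Secure');
    }
    $parts = [$name . '=' . rawurlencode($value)];
    if ($expires > 0) {
        $parts[] = 'Expires=' . gmdate('D, d M Y H:i:s', $expires) . ' GMT';
    }
    if ($path !== '') {
        $parts[] = 'Path=' . $path;
    }
    if ($domain !== '') {
        $parts[] = 'Domain=' . $domain;
    }
    $parts[] = $secure ? 'Secure; HttpOnly' : 'HttpOnly';
    if ($sameSite !== 'None' || !preg_match(SAMESITE_SKIP_UA, $userAgent)) {
        $parts[] = 'SameSite=' . $sameSite;
    }
    return 'Set-Cookie: ' . implode('; ', $parts);
}

// Only allowlisted cookies get None, and only over HTTPS; the rest stay Lax.
function same_site_for($name, array $crossSiteCookies, $sslEnabled)
{
    return ($sslEnabled && in_array($name, $crossSiteCookies, true)) ? 'None' : 'Lax';
}

// Constructed sample values: one cookie must survive a cross-site return from a payment page.
$crossSite = ['shop-front'];
foreach (['shop-front', 'shop-admin'] as $cookie) {
    $line = build_set_cookie_header($cookie, 'opaque', time() + 3600, '/', 'shop.example', true,
        same_site_for($cookie, $crossSite, true), 'Mozilla/5.0 Chrome/84.0');
    echo $line, PHP_EOL; // in a web request: header($line, false); false appends instead of replacing
}
```

Run from the CLI, the first line carries `SameSite=None` and the second `SameSite=Lax`, so the admin cookie keeps its cross-site request protection.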
