diff options
| author | Tim Starling <tstarling@wikimedia.org> | 2024-01-17 11:45:34 +1100 |
|---|---|---|
| committer | Gergő Tisza <tgr.huwiki@gmail.com> | 2024-02-06 16:25:38 -0800 |
| commit | 7c81d82d764eec99ff59c008270c7d66556d8f92 (patch) | |
| tree | dd75d9f938c9bbae77449ca6409217da775cd952 /resources/src/mediawiki.cookie | |
| parent | 0e593c7a28ca8a221294fa40fed46db7d2994f60 (diff) | |
| download | mediawikicore-7c81d82d764eec99ff59c008270c7d66556d8f92.tar.gz mediawikicore-7c81d82d764eec99ff59c008270c7d66556d8f92.zip | |
Stop using $wgUseSameSiteLegacyCookies
* Deprecate the wgUseSameSiteLegacyCookies configuration variable and
imply false (the previous default).
* Deprecate WebRequest::getCrossSiteCookie(), which was introduced to
support this feature.
* Ignore the sameSiteLegacy option if it is passed to
WebResponse::setCookie() or mediawiki.cookie.set(). The configuration
variable can't be removed until the after the JS change is deployed.
Bug: T344791
Change-Id: I30392ebc02809bc6b6ee2070d3e468e48d5d1fae
Diffstat (limited to 'resources/src/mediawiki.cookie')
| -rw-r--r-- | resources/src/mediawiki.cookie/index.js | 13 | ||||
| -rw-r--r-- | resources/src/mediawiki.cookie/types.js | 4 |
2 files changed, 4 insertions, 13 deletions
diff --git a/resources/src/mediawiki.cookie/index.js b/resources/src/mediawiki.cookie/index.js index 1c233565e70a..975c8e516cff 100644 --- a/resources/src/mediawiki.cookie/index.js +++ b/resources/src/mediawiki.cookie/index.js @@ -7,8 +7,7 @@ var config = require( './config.json' ), path: config.path, expires: config.expires, secure: false, - sameSite: '', - sameSiteLegacy: config.sameSiteLegacy + sameSite: '' }, jar = require( './jar.js' ); @@ -56,7 +55,7 @@ mw.cookie = { */ set: function ( key, value, options ) { - var prefix, date, sameSiteLegacy; + var prefix, date; // The 'options' parameter may be a shortcut for the expiry. if ( arguments.length > 2 && ( !options || options instanceof Date || typeof options === 'number' ) ) { @@ -80,7 +79,7 @@ mw.cookie = { options.expires = date; } - sameSiteLegacy = options.sameSiteLegacy; + // Ignore sameSiteLegacy (T344791) delete options.sameSiteLegacy; if ( value !== null ) { @@ -88,12 +87,6 @@ mw.cookie = { } jar.cookie( prefix + key, value, options ); - if ( sameSiteLegacy && options.sameSite && options.sameSite.toLowerCase() === 'none' ) { - // Make testing easy by not changing the object passed to the first jar.cookie call - options = Object.assign( {}, options ); - delete options.sameSite; - jar.cookie( prefix + 'ss0-' + key, value, options ); - } }, /** diff --git a/resources/src/mediawiki.cookie/types.js b/resources/src/mediawiki.cookie/types.js index e2cebcef3460..149c622384ce 100644 --- a/resources/src/mediawiki.cookie/types.js +++ b/resources/src/mediawiki.cookie/types.js @@ -10,9 +10,7 @@ * / 'Strict', case-insensitive; default is to omit the flag, which results in Lax on * modern browsers). Set to None AND set secure=true if the cookie needs to be visible on * cross-domain requests. - * @property {boolean} [sameSiteLegacy] If true, sameSite=None -* cookies will also be sent as a non-SameSite cookie with an 'ss0-' prefix, to work around -* old browsers interpreting the standard differently. Defaults to $wgUseSameSiteLegacyCookies. + * @property {boolean} [sameSiteLegacy] Deprecated, ignored. * @property {Date|number|null} [expires] Number of days to store the value (when setting). * The expiry date of the cookie, or lifetime in seconds. * If null or 0, then a session cookie is set. Defaults to wgCookieExpiration. |