You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by co...@apache.org on 2020/08/28 00:29:17 UTC

svn commit: r1881263 - in /httpd/httpd/trunk: docs/manual/rewrite/flags.xml modules/mappers/mod_rewrite.c

Author: covener
Date: Fri Aug 28 00:29:17 2020
New Revision: 1881263

URL: http://svn.apache.org/viewvc?rev=1881263&view=rev
Log:
samesite: fix check for 0, add "false" alternative.



Modified:
    httpd/httpd/trunk/docs/manual/rewrite/flags.xml
    httpd/httpd/trunk/modules/mappers/mod_rewrite.c

Modified: httpd/httpd/trunk/docs/manual/rewrite/flags.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/rewrite/flags.xml?rev=1881263&r1=1881262&r2=1881263&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/rewrite/flags.xml (original)
+++ httpd/httpd/trunk/docs/manual/rewrite/flags.xml Fri Aug 28 00:29:17 2020
@@ -192,7 +192,7 @@ which means that the cookie is inaccessi
 browsers that support this feature.</dd>
 
 <dt>samesite</dt>
-<dd>If set to anything other than <code>0</code>, the <code>SameSite</code>
+<dd>If set to anything other than <code>false</code> or <code>0</code>, the <code>SameSite</code>
 attribute is set to the specified value.  Typical values are <code>None</code>,
 <code>Lax</code>, and <code>Strict</code>.Available in 2.5.1 and later.</dd>
 </dl>

Modified: httpd/httpd/trunk/modules/mappers/mod_rewrite.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?rev=1881263&r1=1881262&r2=1881263&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/mappers/mod_rewrite.c (original)
+++ httpd/httpd/trunk/modules/mappers/mod_rewrite.c Fri Aug 28 00:29:17 2020
@@ -2647,7 +2647,7 @@ static void add_cookie(request_rec *r, c
                                   "; HttpOnly" : NULL,
                                  NULL);
 
-            if (samesite && !strcasecmp(samesite, "0")) { 
+            if (samesite && strcmp(samesite, "0") && ap_cstr_casecmp(samesite,"false")) { 
                 cookie = apr_pstrcat(rmain->pool, cookie, "; SameSite=", 
                                      samesite, NULL);
             }