Fixed Console Log: Cookie attribute "sameSite" without using the "secure" attribute

[Boothby]

Affected version

2.1.10 Patch 2

I'm getting the following message in my console log (rough translated by deepl.com):

The cookie "xxx_edit_style_id" will soon be rejected in the future, because it specifies either "none" or an invalid value for the attribute "sameSite" without using the "secure" attribute. For more information about the "sameSite" attribute, see https://developer.mozilla.org/docs/Web/HTTP/Cookies

Browser: Firefox 76
URL: http://localhost

 

[XF Bug Bot]

Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.2.0 Beta 2).

Change log:

By default when setting cookies set the SameSite property to Lax on PHP versions 7.3 and above. The SameSite property can also be explicitly set to any value when setting cookies via our JS or Response object.

There may be a delay before changes are rolled out to the XenForo Community.