Afegir SameSite=None per la cookie de sessió També s'afegeix que la cookie de sessió sigui segura en producció. Change-Id: Ib162c3666b4055de67aa81db83680e174482219e

commit: 5a2490b8048a218058dbd852a1ec14d6044c858c [log] [tgz]
author: avm99963 <me@avm99963.com> Mon Sep 28 23:14:27 2020 +0200
committer: avm99963 <me@avm99963.com> Mon Sep 28 23:14:27 2020 +0200
tree: b6912f272eef40f652c664d54bc7efa9d9ff7281
parent: 59ba3435708ad5277e7e2e7c0e20063f7d050548 [diff]
diff --git a/config.default.php b/config.default.php
index 0ad1016..09cbb3f 100644
--- a/config.default.php
+++ b/config.default.php

@@ -42,3 +42,7 @@
 
 // URL del repositori de GitHub.
 $conf['gitHubRepo'] = 'https://github.com/delefme/covid-tracability-backend';
+
+// Configurar si estem a producció ("false" vol dir que estem en un servidor
+// de desenvolupament local)
+$conf['isProduction'] = true;

diff --git a/core.php b/core.php
index e58a7eb..ae96f1c 100644
--- a/core.php
+++ b/core.php

@@ -14,9 +14,16 @@
 $con = new PDO('mysql:host='.$conf['db']['host'].';dbname='.$conf['db']['database'].';charset=utf8mb4', $conf['db']['user'], $conf['db']['password']);
 
 // Session settings
-session_set_cookie_params([
-  'lifetime' => 0,
-  'path' => ($conf['path'] ?? '/'),
-  'httponly' => true
-]);
+if(PHP_VERSION_ID < 70300) {
+  session_set_cookie_params(0, ($conf['path'] ?? '/').'; samesite=None', $_SERVER['HTTP_HOST'], $conf['isProduction'], true);
+} else {
+  session_set_cookie_params([
+    'lifetime' => 0,
+    'path' => ($conf['path'] ?? '/'),
+    'secure' => ($conf['isProduction']),
+    'httponly' => true,
+    'samesite' => 'None'
+  ]);
+}
+
 session_start();
commit	5a2490b8048a218058dbd852a1ec14d6044c858c	[log] [tgz]
author	avm99963 <me@avm99963.com>	Mon Sep 28 23:14:27 2020 +0200
committer	avm99963 <me@avm99963.com>	Mon Sep 28 23:14:27 2020 +0200
tree	b6912f272eef40f652c664d54bc7efa9d9ff7281
parent	59ba3435708ad5277e7e2e7c0e20063f7d050548 [diff]