From e3b6780edb3e22a5365e549ea894e6e1ace07e2e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20M=C3=BCller?=
Date: Mon, 25 May 2020 15:56:30 +0200
Subject: [PATCH] Set samesite=strict coockies - will work starting php 7.3
---
 changelog/unreleased/37442 | 3 +++
 lib/private/Session/CryptoWrapper.php | 16 +++++++++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 changelog/unreleased/37442
diff --git a/changelog/unreleased/37442 b/changelog/unreleased/37442
new file mode 100644
index 000000000000..3c58d48a6a3b
--- /dev/null
+++ b/changelog/unreleased/37442
@@ -0,0 +1,3 @@
+Change: Use strict samesize cookie
+
+https://github.com/owncloud/core/pull/37442
diff --git a/lib/private/Session/CryptoWrapper.php b/lib/private/Session/CryptoWrapper.php
index 31b16d9fcb7d..438c58d7afcc 100644
--- a/lib/private/Session/CryptoWrapper.php
+++ b/lib/private/Session/CryptoWrapper.php
@@ -89,7 +89,21 @@ public function __construct(IConfig $config,
 if ($webRoot === '') {
 $webRoot = '/';
 }
- \setcookie(self::COOKIE_NAME, $this->passphrase, 0, $webRoot, '', $secureCookie, true);
+
+ if (\version_compare(PHP_VERSION, '7.3.0') === -1) {
+ \setcookie(self::COOKIE_NAME, $this->passphrase, 0, $webRoot, '', $secureCookie, true);
+ } else {
+ $options = [
+ "expires" => 0,
+ "path" => $webRoot,
+ "domain" => '',
+ "secure" => $secureCookie,
+ "httponly" => true,
+ "samesite" => 'strict'
+ ];
+
+ \setcookie(self::COOKIE_NAME, $this->passphrase, $options);
+ }
 }
 }
 }
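Review bot: `"samesite" => 'strict'` on the session passphrase cookie means a top-level cross-site navigation into the instance (a shared-file link opened from an email, the redirect or POST back from a SAML/OIDC identity provider) arrives without the cookie, and if the constructor then falls back to generating a fresh passphrase because the cookie is missing — its start is outside this hunk, so this is inferred — the encrypted session can no longer be read and the user is effectively logged out on that first request. If those entry points matter, `"samesite" => 'lax'` still withholds the cookie on cross-site POSTs (the CSRF case this change targets) while letting top-level GET navigations keep their session; whichever value is kept, the line deserves a comment such as `// Strict: cookie is never sent on cross-site requests, so external links/IdP redirects start a new session` so the trade-off is deliberate rather than rediscovered. As a point of style, `\version_compare(PHP_VERSION, '7.3.0', '<')` states the intent without depending on the -1/0/1 return convention, and the options array mixes double-quoted keys with single-quoted values where the rest of the file uses single quotes. The enclosing `__construct` begins before this hunk.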