Implement anti csrf measures

This is done by using the "samesite" cookie attribute.
author: xXx-caillou-xXx 2017-11-24 14:03:37 +0100
committer: jvoisin 2017-11-24 14:03:37 +0100
commit: 5a224ee0c92d1639395d6a0c629316ae64226125 (patch)
tree: 8925d27e2bbfa877e9fb1fc20868fbef3d009b04 /src/sp_cookie_encryption.h
parent: 79304a29661476dc75bba07c5a83133122bbcb5c (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/sp_cookie_encryption.h b/src/sp_cookie_encryption.h
index 9904738..889a89c 100644
--- a/src/sp_cookie_encryption.h
+++ b/src/sp_cookie_encryption.h
@@ -11,6 +11,8 @@
 #include "ext/hash/php_hash_sha.h"
 #include "ext/standard/base64.h"
+#define SAMESITE_COOKIE_FORMAT "; samesite="
 int hook_cookies();
 int decrypt_cookie(zval *pDest, int num_args, va_list args, zend_hash_key *hash_key);
author	xXx-caillou-xXx	2017-11-24 14:03:37 +0100
committer	jvoisin	2017-11-24 14:03:37 +0100
commit	5a224ee0c92d1639395d6a0c629316ae64226125 (patch)
tree	8925d27e2bbfa877e9fb1fc20868fbef3d009b04 /src/sp_cookie_encryption.h
parent	79304a29661476dc75bba07c5a83133122bbcb5c (diff)

diff --git a/src/sp_cookie_encryption.h b/src/sp_cookie_encryption.h index 9904738..889a89c 100644 --- a/src/sp_cookie_encryption.h +++ b/src/sp_cookie_encryption.h
@@ -11,6 +11,8 @@
11	#include "ext/hash/php_hash_sha.h"	11	#include "ext/hash/php_hash_sha.h"
12	#include "ext/standard/base64.h"	12	#include "ext/standard/base64.h"
13		13
		14	#define SAMESITE_COOKIE_FORMAT "; samesite="
		15
14	int hook_cookies();	16	int hook_cookies();
15	int decrypt_cookie(zval pDest, int num_args, va_list args, zend_hash_key hash_key);	17	int decrypt_cookie(zval pDest, int num_args, va_list args, zend_hash_key hash_key);
16		18