From 81849ac95837d343064a4989eb8d00a87bf02b2d Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Mon, 23 Jul 2018 14:19:15 +0200
Subject: Use SameSite on PHP's session cookie in the default rules

---
 config/default.rules | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'config')

diff --git a/config/default.rules b/config/default.rules
index a21a6cf..b16434f 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -4,6 +4,9 @@ sp.harden_random.enable();
 # Disabled XXE
 sp.disable_xxe.enable();
+# use SameSite on session cookie
+sp.cookie.name("PHPSESSID").samesite("lax");
+
 # Harden the `chmod` function
 sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop();
--
cgit v1.3
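Review bot: The added rule matches only the literal cookie name `PHPSESSID`, so a deployment that renames its session cookie through PHP's `session.name` setting gets no SameSite attribute from this default, and the comment does not say so. SameSite=Lax also still sends the cookie on top-level GET navigations, so it narrows CSRF exposure rather than replacing per-request CSRF tokens; the choice of "lax" over "strict" deserves a sentence. I would expand the comment to `# Set SameSite=Lax on PHP's default session cookie (matches the name PHPSESSID only; Lax still allows top-level GET navigations, so keep CSRF tokens in the application)`. For consistency with the neighbouring comments (`# Disabled XXE`, `# Harden the ...`), the comment should also start with a capital letter: `# Use SameSite on session cookie`.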