From 5ae2d9ee89facbd9d9906d9e4610f747a346e05b Mon Sep 17 00:00:00 2001
From: Roman Kelesidis
Date: Wed, 24 May 2023 23:25:06 +0700
Subject: [PATCH] Added 'samesite' option for setcookie() (#720)
---
 library/config.php | 1 +
 library/includes/init_bb.php | 4 ++++
 2 files changed, 5 insertions(+)
diff --git a/library/config.php b/library/config.php
index 9b4d95caf..795bae67e 100644
--- a/library/config.php
+++ b/library/config.php
@@ -355,6 +355,7 @@ $bb_cfg['show_sidebar2_on_every_page'] = false;
 $bb_cfg['cookie_domain'] = in_array($domain_name, [getenv('SERVER_ADDR'), 'localhost'], true) ? '' : ".$domain_name";
 $bb_cfg['cookie_secure'] = $domain_ssl ? true : \TorrentPier\Helpers\IsHelper::isHTTPS();
 $bb_cfg['cookie_prefix'] = 'bb_'; // 'bb_'
+$bb_cfg['cookie_same_site'] = 'Lax'; // Lax, None, Strict | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
 // Sessions
 $bb_cfg['session_update_intrv'] = 180; // sec
diff --git a/library/includes/init_bb.php b/library/includes/init_bb.php
index 4b5403792..f5ebd5887 100644
--- a/library/includes/init_bb.php
+++ b/library/includes/init_bb.php
@@ -74,6 +74,8 @@ define('COOKIE_PERSIST', TIMENOW + 31536000);
 define('COOKIE_MAX_TRACKS', 90);
 /**
+ * Set cookie
+ *
 * @param $name
 * @param $val
 * @param int $lifetime
@@ -83,12 +85,14 @@ define('COOKIE_MAX_TRACKS', 90);
 function bb_setcookie($name, $val, int $lifetime = COOKIE_PERSIST, bool $httponly = false)
 {
 global $bb_cfg;
+
 return setcookie($name, $val, [
 'expires' => $lifetime,
 'path' => $bb_cfg['script_path'],
 'domain' => $bb_cfg['cookie_domain'],
 'secure' => $bb_cfg['cookie_secure'],
 'httponly' => $httponly,
+ 'samesite' => $bb_cfg['cookie_same_site'],
 ]);
 }
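Review bot: The inline comment on the new `$bb_cfg['cookie_same_site']` line in library/config.php lists `None` as a valid choice without saying that browsers only accept `SameSite=None` cookies that also carry `Secure`. `cookie_secure` two lines above is computed at runtime and can end up false on a plain-HTTP install, and in that combination the cookies set through this config would be rejected by the browser. I would extend the comment to `// Lax, None, Strict ('None' requires cookie_secure = true and removes the cross-site request protection)` so an operator sees the coupling where the value is set.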
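Review bot: The added `'samesite' => $bb_cfg['cookie_same_site']` entry in bb_setcookie() reads the config key with no fallback and no check of its value. If the deployed configuration predates this commit the key is absent, which raises an undefined-key warning and presumably leaves the cookie without the attribute; as far as I know setcookie() does not restrict the value to the three valid tokens either, so a typo would go straight into the header. I would write the entry as `'samesite' => in_array($bb_cfg['cookie_same_site'] ?? '', ['Lax', 'Strict', 'None'], true) ? $bb_cfg['cookie_same_site'] : 'Lax',` so a missing or invalid setting degrades to `Lax` rather than to an unprotected cookie.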