Merge branch 'master' into remove-multi-domain
authorTim Düsterhus <duesterhus@woltlab.com>
Fri, 13 May 2022 16:13:53 +0000 (18:13 +0200)
committerGitHub <noreply@github.com>
Fri, 13 May 2022 16:13:53 +0000 (18:13 +0200)
com.woltlab.wcf/option.xml
constants.php
wcfsetup/install/files/lib/system/WCF.class.php
wcfsetup/install/files/lib/system/request/RequestHandler.class.php
wcfsetup/install/files/lib/system/session/SessionHandler.class.php
wcfsetup/install/lang/de.xml
wcfsetup/install/lang/en.xml

index d7ba28442bc1df1f897a27a1e3aed1603b95768e,9266c0a6dfd93745325b7af88d4a23b79b287c8f..74a735f593ab1ed88a5b4894b89739e185850d73
@@@ -1661,6 -1660,6 +1654,7 @@@ DESC:wcf.global.sortOrder.descending</s
                </options>
        </import>
        <delete>
 +              <option name="desktop_notification_package_id"/>
+               <option name="http_send_x_frame_options"/>
        </delete>
  </data>
diff --cc constants.php
Simple merge
index 1db4ae6f2059754e927f73790cf1924a586628b5,5ad42d7ee4f0a241a02c81f11d4ca6470eb2693a..e57b72c010f1a87ebe1466676a43787c03c9c347
@@@ -496,8 -482,8 +482,11 @@@ class WC
          // The captcha option related to the removed SearchForm was removed in 5.5.
          \define('SEARCH_USE_CAPTCHA', 0);
  
 +        // Multi-domain setups were removed in 5.6.
 +        \define('DESKTOP_NOTIFICATION_PACKAGE_ID', 1);
++
+         // Disabling X-Frame-Options is no longer possible since 5.6.
+         \define('HTTP_SEND_X_FRAME_OPTIONS', 1);
      }
  
      /**
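Review bot: The two added comments record when each option was removed, but not why the constant is still defined or why its value is pinned to `1`. Presumably these defines exist so that code still reading the removed options keeps working; if so, the comment should say that. For the second one I would write something like `// Kept for code that still reads the removed option; must stay truthy so such checks keep sending X-Frame-Options.` above `\define('HTTP_SEND_X_FRAME_OPTIONS', 1);`. The enclosing method begins before this hunk, so I cannot see whether the other legacy defines carry such a note.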
index 13142222c9a63f34145827b4c87d46c9b566fbb0,4a5e23f38cea823d0ae1ebfbe05972c9035e2334..dbb15360e7d2685f031bbd335d2fa381fc976d45
@@@ -488,15 -489,21 +488,11 @@@ final class SessionHandler extends Sing
              //    and it is supported by default in common JavaScript frameworks.
              // 2) We want to set the SameSite=lax parameter.
              // 3) We don't want the HttpOnly parameter.
 -            $sameSite = $cookieDomain = '';
  
 -            if (ApplicationHandler::getInstance()->isMultiDomainSetup()) {
 -                // We need to specify the cookieDomain in a multi domain set-up, because
 -                // otherwise no cookies are sent to subdomains.
 -                $cookieDomain = HeaderUtil::getCookieDomain();
 -                $cookieDomain = ($cookieDomain !== null ? '; domain=' . $cookieDomain : '');
 -            } else {
 -                // SameSite=lax is not supported in a multi domain set-up, because
 -                // it breaks cross-application requests.
 -                $sameSite = '; SameSite=lax';
 -            }
 +            $sameSite = '; SameSite=lax';
  
-             if (!HTTP_SEND_X_FRAME_OPTIONS) {
-                 $sameSite = '; SameSite=none';
-             }
              \header(
 -                'set-cookie: XSRF-TOKEN=' . \rawurlencode($xsrfToken) . '; path=/' . $cookieDomain . (RouteHandler::secureConnection() ? '; secure' : '') . $sameSite,
 +                'set-cookie: XSRF-TOKEN=' . \rawurlencode($xsrfToken) . '; path=/' . (RouteHandler::secureConnection() ? '; secure' : '') . $sameSite,
                  false
              );
          }
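Review bot: `$sameSite` is now assigned the constant `'; SameSite=lax'` and read exactly once in the `\header()` call, so the variable is only a leftover of the two branches that this merge removes. I would drop the assignment and end the header string with `. '; SameSite=lax',` directly, which also shortens the long line. The numbered comment above could gain a line such as `// 4) No domain attribute is sent, so the cookie is host-only.`, because that is the visible effect of removing `$cookieDomain`. The `secure` attribute still depends on `RouteHandler::secureConnection()`, which is not shown here; it is worth confirming that it reports correctly behind a TLS-terminating proxy. The enclosing method starts and ends outside the hunk.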
index d539a96fdeb1dd01f2dc8390da9345e82fd081f8,03285fef02805ea1b39cfdc87b4ca0d5b4533b47..56505df1bfb6630deb4c55b2fec2bde499930d10
@@@ -5555,8 -5564,11 +5554,14 @@@ Benachrichtigungen auf <a href="{link i
        </category>
  </import>
  <delete>
 +      <item name="wcf.acp.option.desktop_notification_package_id"/>
 +      <item name="wcf.acp.option.desktop_notification_package_id.description"/>
 +      <item name="wcf.acp.application.multiDomain"/>
+       <item name="wcf.acp.pluginStore.api.noSSL"/>
+       <item name="wcf.acp.index.system.php.sslSupport"/>
+       <item name="wcf.acp.index.system.php.sslSupport.available"/>
+       <item name="wcf.acp.index.system.php.sslSupport.notAvailable"/>
+       <item name="wcf.acp.option.http_send_x_frame_options"/>
+       <item name="wcf.acp.option.http_send_x_frame_options.description"/>
  </delete>
  </language>
index 6795efaed8bf656918ee8ce56650403aa28157ff,f616ec27c350ab0aee87daf3196d542828df995f..77eef39b50978b3e2b9888d64d45a9040cd88a4f
@@@ -5557,8 -5566,11 +5556,14 @@@ your notifications on <a href="{link is
        </category>
  </import>
  <delete>
 +      <item name="wcf.acp.option.desktop_notification_package_id"/>
 +      <item name="wcf.acp.option.desktop_notification_package_id.description"/>
 +      <item name="wcf.acp.application.multiDomain"/>
+       <item name="wcf.acp.pluginStore.api.noSSL"/>
+       <item name="wcf.acp.index.system.php.sslSupport"/>
+       <item name="wcf.acp.index.system.php.sslSupport.available"/>
+       <item name="wcf.acp.index.system.php.sslSupport.notAvailable"/>
+       <item name="wcf.acp.option.http_send_x_frame_options"/>
+       <item name="wcf.acp.option.http_send_x_frame_options.description"/>
  </delete>
  </language>