From: Tim Düsterhus
Date: Fri, 13 May 2022 16:13:53 +0000 (+0200)
Subject: Merge branch 'master' into remove-multi-domain
X-Git-Tag: 6.0.0_Alpha_1~1291^2~5
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=915e180653aa2ab220de639662af12a35e018570;p=GitHub%2FWoltLab%2FWCF.git
Merge branch 'master' into remove-multi-domain
--- 915e180653aa2ab220de639662af12a35e018570
diff --cc com.woltlab.wcf/option.xml
index d7ba28442b,9266c0a6df..74a735f593
--- a/com.woltlab.wcf/option.xml
+++ b/com.woltlab.wcf/option.xml
@@@ -1661,6 -1660,6 +1654,7 @@@ DESC:wcf.global.sortOrder.descending +
diff --cc wcfsetup/install/files/lib/system/WCF.class.php
index 1db4ae6f20,5ad42d7ee4..e57b72c010
--- a/wcfsetup/install/files/lib/system/WCF.class.php
+++ b/wcfsetup/install/files/lib/system/WCF.class.php
@@@ -496,8 -482,8 +482,11 @@@ class WC // The captcha option related to the removed SearchForm was removed in 5.5. \define('SEARCH_USE_CAPTCHA', 0); + // Multi-domain setups were removed in 5.6. + \define('DESKTOP_NOTIFICATION_PACKAGE_ID', 1); ++ + // Disabling X-Frame-Options is no longer possible since 5.6. + \define('HTTP_SEND_X_FRAME_OPTIONS', 1); } /**
diff --cc wcfsetup/install/files/lib/system/session/SessionHandler.class.php
index 13142222c9,4a5e23f38c..dbb15360e7
--- a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
+++ b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
@@@ -488,15 -489,21 +488,11 @@@ final class SessionHandler extends Sing // and it is supported by default in common JavaScript frameworks. // 2) We want to set the SameSite=lax parameter. // 3) We don't want the HttpOnly parameter. - $sameSite = $cookieDomain = ''; - if (ApplicationHandler::getInstance()->isMultiDomainSetup()) { - // We need to specify the cookieDomain in a multi domain set-up, because - // otherwise no cookies are sent to subdomains. - $cookieDomain = HeaderUtil::getCookieDomain(); - $cookieDomain = ($cookieDomain !== null ? '; domain=' . 
$cookieDomain : ''); - } else { - // SameSite=lax is not supported in a multi domain set-up, because - // it breaks cross-application requests. - $sameSite = '; SameSite=lax'; - } + $sameSite = '; SameSite=lax'; - if (!HTTP_SEND_X_FRAME_OPTIONS) { - $sameSite = '; SameSite=none'; - } - \header( - 'set-cookie: XSRF-TOKEN=' . \rawurlencode($xsrfToken) . '; path=/' . $cookieDomain . (RouteHandler::secureConnection() ? '; secure' : '') . $sameSite, + 'set-cookie: XSRF-TOKEN=' . \rawurlencode($xsrfToken) . '; path=/' . (RouteHandler::secureConnection() ? '; secure' : '') . $sameSite, false ); }
diff --cc wcfsetup/install/lang/de.xml
index d539a96fde,03285fef02..56505df1bf
--- a/wcfsetup/install/lang/de.xml
+++ b/wcfsetup/install/lang/de.xml
@@@ -5555,8 -5564,11 +5554,14 @@@ Benachrichtigungen auf + + + + + + + +
diff --cc wcfsetup/install/lang/en.xml
index 6795efaed8,f616ec27c3..77eef39b50
--- a/wcfsetup/install/lang/en.xml
+++ b/wcfsetup/install/lang/en.xml
@@@ -5557,8 -5566,11 +5556,14 @@@ your notifications on + + + + + + + +
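Review bot: In the SessionHandler.class.php hunk, `$sameSite` is now always the fixed string `'; SameSite=lax'` and is used exactly once, so the variable no longer records a decision; folding it into the header string, `'; path=/' . (RouteHandler::secureConnection() ? '; secure' : '') . '; SameSite=lax',`, would keep all cookie attributes in one place. With both the `domain=` attribute and the `SameSite=none` branch gone from the merged result, the XSRF-TOKEN cookie is host-only and never sent on cross-site subrequests, which matches `HTTP_SEND_X_FRAME_OPTIONS` being pinned to 1 in WCF.class.php. I would record that next to item 2) of the existing comment list, for example `// SameSite=lax is unconditional: multi-domain setups and framed embedding are no longer supported.` The `secure` attribute still depends on `RouteHandler::secureConnection()`, so on a plain-HTTP install the token cookie is issued without it; presumably that is deliberate, but the comment should say so. The enclosing method begins and ends outside this hunk.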