Koha/C4
Owen Leonard 59ff962caa Bug 26019: Koha should set SameSite attribute on cookies
This patch modifies the way Koha sets cookies so that the "sameSite"
attribute is explicitly set to "Lax." This option is chosen because it
is the value which is currently assumed by browsers when the sameSite
attribute is not set.

To test, apply the patch and restart services.

- Log in to the staff interface and open your browser's developer tools.
  - In Firefox, look for a "Storage" tab.
  - In Chrome, look for an "Application" tab.
- Under "Cookies," click the URL of the staff interface.
- You should see all the cookies which are set for that domain.
- The CGISESSID cookie should have sameSite set to "Lax."

- Go to Cataloging -> New record.
  - Check the "marcdocs" and "marctags" cookies.
- Switch to the Advanced MARC editor (you may need to enable
  the EnableAdvancedCatalogingEditor preference).
  - Check the "catalogue_editor" cookie.
- Add a new item to an existing bibliographic record.
  - Check the "LastCreatedItem" cookie which is set after you save the
    new item.
- Go to Authorities -> Authority search.
  - In authority search results, click "Merge" from the "Actions" menu
    next to one of the results.
    - Check the "auth_to_merge" cookie.
- Go to Administration -> MARC bibliographic framework
  - Choose "MARC structure" from the menu corresponding to one of the
    frameworks.
  - Check the "Display only used tags/subfields" checkbox.
    - Check the "marctagstructure_selectdisplay" cookie.
- Go to Circulation -> Check out to a patron with checkouts.
  - Check the "Always show checkouts immediately" checkbox.
    - Check the "issues-table-load-immediately-circulation" cookie.
- Go to Tools -> Patron clubs. You will need at least one active club
  with one or more patrons enrolled.
  - From the list of clubs, click Actions -> Search to hold.
    - Check the "holdforclub" cookie.
- Go to Tools -> Batch item modification and submit a batch of items.
  - Uncheck one or more checkboxes in the "Show/hide columns" area.
    - Check the "showColumns" cookie.
- View a patron -> Search to hold.
  - Check the 'holdfor' cookie.
- With WebBasedSelfCheck enabled, log in to the self-checkout page.
  - Check the "JWT" cookie.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-04-13 15:55:38 +02:00
..
AuthoritiesMarc Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Barcodes Bug 26328: Cast barcode from varchar to integer for incremental barcode 2022-03-23 10:50:51 -10:00
ClassSortRoutine Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
ClassSplitRoutine Bug 28572: Remove C4::Debug 2021-06-22 12:04:32 +02:00
Creators Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
External Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Form Bug 28572: Remove C4::Debug 2021-06-22 12:04:32 +02:00
Heading Bug 26852: subfield $e missing in X11 definition of MARC21 headings 2021-08-11 13:27:52 +02:00
ILSDI Bug 22347: Translatability of ILSDI GetAvailability 2022-04-12 17:13:02 +02:00
Installer Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Labels Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Linker Bug 28676: Cache and retrieve match_count when searching a cached heading 2021-09-20 12:06:56 +02:00
Members Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
OAI Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Output Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Patroncards Bug 25459: Makes barcode position respect units in patron cards layout 2021-11-02 16:50:01 +01:00
Reports Bug 29695: Remove C4::Reports::Guided::_get_column_defs 2022-04-12 11:40:16 +02:00
Search Bug 29915: Tiny session adjustments 2022-03-22 10:17:33 -10:00
Serials Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
SIP Bug 30118: (QA follow-up) Fix Perl Critic issues 2022-04-08 15:49:18 +02:00
Utils Bug 30063: Remove occurrences of C4::Utils::DataTables::Members 2022-04-04 09:47:01 +02:00
Accounts.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Acquisition.pm Bug 29844: Fix ->search occurrences 2022-02-09 15:36:23 -10:00
Auth.pm Bug 26019: Koha should set SameSite attribute on cookies 2022-04-13 15:55:38 +02:00
Auth_cas_servers.yaml.sample
Auth_with_cas.pm Bug 28417: Don't require C4::Auth_with_cas from opac-user if not needed 2021-11-03 15:40:52 +01:00
Auth_with_ldap.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Auth_with_shibboleth.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
AuthoritiesMarc.pm Bug 29990: Show authority appropriate heading use on search results 2022-04-08 15:49:17 +02:00
BackgroundJob.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Barcodes.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Biblio.pm Bug 29486: _koha_marc_update_bib_ids no longer needed for GetMarcBiblio 2022-03-22 10:17:34 -10:00
Breeding.pm Bug 29391: Improve output of reservoir search 2022-01-09 21:04:17 -10:00
Budgets.pm Bug 24190: (follow-up) Rename AcqLog 2021-09-21 20:22:57 +02:00
Calendar.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Charset.pm Bug 18984: Remove NORMARC support 2021-10-07 15:36:40 +02:00
Circulation.pm Bug 30114: Koha offline circulation will always cancel the next hold when issuing item to a patron 2022-04-04 16:23:45 +02:00
ClassSortRoutine.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
ClassSource.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
ClassSplitRoutine.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Context.pm Bug 28306: Allow to query database with minimal memory footprint 2021-08-31 10:27:52 +02:00
Contract.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
CourseReserves.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Creators.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Heading.pm Bug 25616: Uppercase hard coded lower case boolean operators for Elasticsearch 2022-02-24 14:35:36 -10:00
HoldsQueue.pm Bug 29844: Fix ->search occurrences 2022-02-09 15:36:23 -10:00
HTML5Media.pm Bug 18984: Remove NORMARC support 2021-10-07 15:36:40 +02:00
ImportBatch.pm Bug 30402: Import authorities subroutines to ImportBatch script 2022-04-08 15:49:15 +02:00
ImportExportFramework.pm Bug 13952: (follow-up) JS translatability, clean warns, other 2022-04-04 16:23:46 +02:00
InstallAuth.pm Bug 26019: Koha should set SameSite attribute on cookies 2022-04-13 15:55:38 +02:00
Installer.pm Bug 26326: (follow-up) Add ability to check for existence of any primary key 2021-11-03 15:40:52 +01:00
ItemCirculationAlertPreference.pm Bug 29844: Fix ->search occurrences 2022-02-09 15:36:23 -10:00
Items.pm Bug 14393: Add collection code filter to inventory 2022-04-08 15:49:18 +02:00
Koha.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Labels.pm
Languages.pm Bug 15067: Follow up to fix sorting 2021-08-04 14:06:43 +02:00
Letters.pm Bug 17648: ACCTDETAILS notice does not show in notices.pl 2022-03-17 11:22:56 -10:00
Linker.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Log.pm Bug 28692: (QA follow-up) Fix test for objects 2021-11-16 14:00:20 +01:00
MarcModificationTemplates.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Matcher.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Members.pm Bug 29844: Fix ->search occurrences 2022-02-09 15:36:23 -10:00
Message.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Output.pm Bug 30115: Uninitialized value warning in C4/Output.pm 2022-02-21 15:15:47 -10:00
Overdues.pm Bug 19532: (QA follow-up) Simplify resultset accessors 2022-03-14 22:45:52 -10:00
Patroncards.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Record.pm Bug 18984: Remove NORMARC support 2021-10-07 15:36:40 +02:00
Reports.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Reserves.pm Bug 29517: Check if agerestriction field is mapped before fetching biblio 2022-04-04 16:23:45 +02:00
Ris.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
RotatingCollections.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Scheduler.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Scrubber.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Search.pm Bug 30244: Include lost items in list of hidden items 2022-03-25 11:01:04 -10:00
Serials.pm Bug 30035: Fix month name in prediction pattern 2022-03-01 22:47:47 -10:00
Service.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
ShelfBrowser.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
SMS.pm Bug 27673: Replace YAML with YAML::XS 2021-02-16 14:54:50 +01:00
SocialData.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Stats.pm Bug 19532: Recalls objects and tests 2022-03-14 22:45:51 -10:00
Suggestions.pm Bug 28855: Purging suggestions test should not be on timestamp 2021-12-15 12:14:47 -10:00
Tags.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
Templates.pm Bug 26019: Koha should set SameSite attribute on cookies 2022-04-13 15:55:38 +02:00
TmplToken.pm
TmplTokenType.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
TTParser.pm
UsageStats.pm Bug 5229: Remove system preference 'OPACItemsResultsDisplay' 2021-11-19 15:23:27 +01:00
XISBN.pm Bug 17600: Standardize our EXPORT_OK 2021-07-16 08:58:47 +02:00
XSLT.pm Bug 19532: (RM follow-up) More use of system preference 2022-03-14 23:11:12 -10:00