From b8fb6aab761187795186d97209c3972e046b7786 Mon Sep 17 00:00:00 2001
From: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Date: Mon, 24 Apr 2023 10:35:26 +0000
Subject: [PATCH] Bug 33597: Fix deleting cookie for holdfor(club)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Resolve:
Cookie âholdforâ does not have a proper âSameSiteâ attribute value. Soon, cookies without the âSameSiteâ attribute or with an invalid value will be treated as âLaxâ. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the âSameSite=Noneâ attribute to it.

Did not see warning for holdforclub. But since it is created with Lax, we should remove it with Lax.

Test plan:
Similar to previous patch. Check console on logout page.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 7e5e311cb0c88b9223ce98d685668962edc7baee)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit d8567143eea4dde52cce0c856e3c12a6154eda0b)
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
---
 koha-tmpl/intranet-tmpl/prog/js/pages/results.js | 4 ++--
 koha-tmpl/intranet-tmpl/prog/js/staff-global.js  | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/js/pages/results.js b/koha-tmpl/intranet-tmpl/prog/js/pages/results.js
index 5320b3b3af..84c9dfc766 100644
--- a/koha-tmpl/intranet-tmpl/prog/js/pages/results.js
+++ b/koha-tmpl/intranet-tmpl/prog/js/pages/results.js
@@ -356,8 +356,8 @@ function placeHold () {
 }
 
 function forgetPatronAndClub(){
-    Cookies.remove("holdfor", { path: '/' });
-    Cookies.remove("holdforclub", { path: '/' });
+    Cookies.remove("holdfor", { path: '/', SameSite: 'Lax' });
+    Cookies.remove("holdforclub", { path: '/', SameSite: 'Lax' });
     $(".holdforlink").remove();
     $("#placeholdc").html("<a class=\"btn btn-default btn-xs placehold\" href=\"#\"><i class=\"fa fa-sticky-note-o\"></i> " + __("Place hold") + "</a>");
 }
diff --git a/koha-tmpl/intranet-tmpl/prog/js/staff-global.js b/koha-tmpl/intranet-tmpl/prog/js/staff-global.js
index de0e442efa..3695f4e367 100644
--- a/koha-tmpl/intranet-tmpl/prog/js/staff-global.js
+++ b/koha-tmpl/intranet-tmpl/prog/js/staff-global.js
@@ -201,7 +201,7 @@ function checkEnter(e){ //e is event object passed from function invocation
 }
 
 function clearHoldFor(){
-    Cookies.remove("holdfor", { path: '/' });
+    Cookies.remove("holdfor", { path: '/', SameSite: 'Lax' });
 }
 
 function logOut(){
-- 
2.39.5

