samesite: fix check for 0, add "false" alternative.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1881263 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/docs/manual/rewrite/flags.xml b/docs/manual/rewrite/flags.xml
index 5e3457cfc9419534ac683d6e451cb1601972944f..a8fadf0203eb028f693939fc8f067b42aed71270 100644 (file)
--- a/docs/manual/rewrite/flags.xml
+++ b/docs/manual/rewrite/flags.xml
@@ -192,7 +192,7 @@ which means that the cookie is inaccessible to JavaScript code on
 browsers that support this feature.</dd>
 
 <dt>samesite</dt>
-<dd>If set to anything other than <code>0</code>, the <code>SameSite</code>
+<dd>If set to anything other than <code>false</code> or <code>0</code>, the <code>SameSite</code>
 attribute is set to the specified value.  Typical values are <code>None</code>,
 <code>Lax</code>, and <code>Strict</code>.Available in 2.5.1 and later.</dd>
 </dl>

diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index 661bc30f4858fa16ebf1a5a6a2884b155eaf8d29..5a38ad03e0f439907fff041ed49b7989ea80b49d 100644 (file)
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -2647,7 +2647,7 @@ static void add_cookie(request_rec *r, char *s)
                                   "; HttpOnly" : NULL,
                                  NULL);
 
-            if (samesite && !strcasecmp(samesite, "0")) { 
+            if (samesite && strcmp(samesite, "0") && ap_cstr_casecmp(samesite,"false")) { 
                 cookie = apr_pstrcat(rmain->pool, cookie, "; SameSite=", 
                                      samesite, NULL);
             }