From: Eric Covener Date: Fri, 28 Aug 2020 00:29:17 +0000 (+0000) Subject: samesite: fix check for 0, add "false" alternative. X-Git-Tag: 2.5.0-alpha2-ci-test-only~1226 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0009bb53af525fb7f51c0ddabec984e800e9d267;p=thirdparty%2Fapache%2Fhttpd.git samesite: fix check for 0, add "false" alternative. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1881263 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/rewrite/flags.xml b/docs/manual/rewrite/flags.xml index 5e3457cfc94..a8fadf0203e 100644 --- a/docs/manual/rewrite/flags.xml +++ b/docs/manual/rewrite/flags.xml @@ -192,7 +192,7 @@ which means that the cookie is inaccessible to JavaScript code on browsers that support this feature.
samesite
-
If set to anything other than 0, the SameSite +
If set to anything other than false or 0, the SameSite attribute is set to the specified value. Typical values are None, Lax, and Strict.Available in 2.5.1 and later.
diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c index 661bc30f485..5a38ad03e0f 100644 --- a/modules/mappers/mod_rewrite.c +++ b/modules/mappers/mod_rewrite.c @@ -2647,7 +2647,7 @@ static void add_cookie(request_rec *r, char *s) "; HttpOnly" : NULL, NULL); - if (samesite && !strcasecmp(samesite, "0")) { + if (samesite && strcmp(samesite, "0") && ap_cstr_casecmp(samesite,"false")) { cookie = apr_pstrcat(rmain->pool, cookie, "; SameSite=", samesite, NULL); }
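Review bot: The samesite entry in docs/manual/rewrite/flags.xml now reads "anything other than false or 0" but does not say how the two values are matched. The code change compares "0" exactly with strcmp() and "false" case-insensitively with ap_cstr_casecmp(), so "False" and "FALSE" also suppress the attribute. Suggest stating that false is case-insensitive. It would also help to say that any other value is written into the cookie as given, since the sentence lists None, Lax and Strict only as typical values and a misspelled value would still be emitted.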
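Review bot: In add_cookie() in modules/mappers/mod_rewrite.c, the new condition still relies on the bare return value of strcmp() and ap_cstr_casecmp() to mean "differs", which is the idiom that hid the inverted test this patch removes (the old !strcasecmp(samesite, "0") emitted the attribute only when the value was "0"). Suggest writing the comparisons explicitly, for example strcmp(samesite, "0") != 0 && ap_cstr_casecmp(samesite, "false") != 0, so the intent is readable at a glance. There is also a missing space after the comma in ap_cstr_casecmp(samesite,"false"). Separately, samesite is passed to apr_pstrcat() after "; SameSite=" with no check against the documented values None, Lax and Strict; consider validating it or logging when it is something else, so a typo in the flag does not silently produce a cookie attribute that is not one of those values.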