
Can someone show me how to set the cookie so the error message goes away? I added:

<?php setcookie("headers", "", [    
    'expires' => time() + 86400,    
    'path' => '/',    
    'domain' => 'localhost',    
    'secure' => true,    
    'httponly' => true,
    'samesite' => 'strict',    
]); ?>

to the top of header_form.php but it doesn't seem to do anything.

When I view the following on localhost:

header_form.php:

<html>
<head>
    <title></title>
    <link rel="stylesheet" href="../public/css/header.css">
    <link rel="icon" type="image/png" href="../favicon.png">    
</head>   
<body>
    <div class="container">
        <img id="swb" src="https://www.sailwbob.com/images/swb.png" alt="SwB">
        <div class="img-container">
            <img class="lround small" src="https://www.sailwbob.com/images/img-1.png" alt="img-1">
            <img class="small" src="https://www.sailwbob.com/images/img-2.png" alt="img-1">
            <img class="small" src="https://www.sailwbob.com/images/img-3.png" alt="img-1">
            <img class="small" src="https://www.sailwbob.com/images/img-4.png" alt="img-1">
            <img class="small" src="https://www.sailwbob.com/images/img-5.png" alt="img-1">
            <img class="rround small" src="https://www.sailwbob.com/images/img-6.png" alt="img-1">
        </div>
    </div>
</body>
</html>

The first time, I get no errors in Chrome. On reload I get a SameSite error:

Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute
Because a cookie’s SameSite attribute was not set or is invalid, it defaults to SameSite=Lax, which prevents the cookie from being sent in a cross-site request. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.
Resolve this issue by updating the attributes of the cookie:
Specify SameSite=None and Secure if the cookie should be sent in cross-site requests. This enables third-party use.
Specify SameSite=Strict or SameSite=Lax if the cookie should not be sent in cross-site requests.
1 cookie
Name    Domain & Path
headers www.sailwbob.com/
7 requests
swb.png
img-6.png
img-5.png
img-3.png
img-4.png
img-2.png
img-1.png

Where is the headers cookie being set and how do I fix the error?

sideshowbarker
DCR
  • There is no PHP code here. Do you have some? Or is this a pure HTML page that you're viewing? – Greg Schmidt Oct 11 '21 at 17:50
  • Pure HTML, but my backend is PHP – DCR Oct 11 '21 at 17:51
  • By "pure HTML", I mean like you are hitting test.html and this is what's in it and there is no PHP ever involved in this particular request. If there is PHP running anywhere in the generation of this output, then it's not "pure HTML", and the problem is almost certainly coming from your PHP, not from anything you've shown so far. – Greg Schmidt Oct 11 '21 at 17:53
  • I type into the browser http://localhost/lagin/views/header_form.php and when I check Chrome everything is OK. When I do a reload I get the error – DCR Oct 11 '21 at 17:59
  • Does this answer your question? [Why am I getting "Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute"?](https://stackoverflow.com/questions/63273838/why-am-i-getting-indicate-whether-to-send-a-cookie-in-a-cross-site-request-by-s) – slashroot Oct 11 '21 at 18:29
  • No, it does not answer my question. Do you know how to fix the error? – DCR Oct 11 '21 at 18:31
  • I'm not clear whether the values for samesite are case-sensitive, but the docs show it as Strict, not strict. – Greg Schmidt Oct 12 '21 at 17:27

0 Answers
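The Chrome issue quoted in the question lists the `headers` cookie under www.sailwbob.com together with the seven image requests, while the `setcookie()` call in the question uses the domain `localhost`, so a SameSite check has to be made per responding host. The following is an added example, not part of the original post or its comments: a JavaScript sketch that classifies `Set-Cookie` headers the way the issue text describes. The function names and all header values are constructed, because the page does not show the real response headers.

```javascript
// Constructed sample: one Set-Cookie header per responding host.
// The www.sailwbob.com values are invented; the page does not show the real headers.
const SAMPLE = [
  { host: "localhost", header: "headers=; Path=/; Domain=localhost; Secure; HttpOnly; SameSite=strict" },
  { host: "www.sailwbob.com", header: "headers=abc123; Path=/" },
  { host: "www.sailwbob.com", header: "tracker=1; Path=/; SameSite=None" },
];

// Parse one Set-Cookie header into the cookie name and a lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const attributes = {};
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return { name, attributes };
}

// Classify a cookie as the Chrome issue text describes. SameSite values are
// matched case-insensitively (RFC 6265bis), so "strict" and "Strict" are equal.
function auditSameSite(header) {
  const { name, attributes } = parseSetCookie(header);
  const raw = attributes.samesite;
  const value = typeof raw === "string" ? raw.toLowerCase() : "";
  if (!["strict", "lax", "none"].includes(value)) {
    return { name, effective: "lax", issue: "SameSite not set or invalid; defaults to Lax" };
  }
  if (value === "none" && !attributes.secure) {
    return { name, effective: null, issue: "SameSite=None without Secure" };
  }
  return { name, effective: value, issue: null };
}

// Keep only the cookies that would be flagged, with the host that set each one.
function report(responses) {
  return responses
    .map(({ host, header }) => ({ host, ...auditSameSite(header) }))
    .filter((r) => r.issue !== null);
}

console.log(report(SAMPLE));
```

With the constructed input, the `localhost` cookie passes and both flagged entries carry the host `www.sailwbob.com`, which is the server whose `Set-Cookie` response header would need the SameSite attribute.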