Check here : http://www.gsill.net/example/check/

About settings : since config is loaded before read config , i think it's hard to make it dynamically according to IFrame embedding allowed but we can document it.

@ollehar : need advice …

To fix this issue : need https://github.com/yiisoft/yii/commit/566cae7fd94cffb8a20771949c8a97a27bd237f8#diff-652721134484aa3b5f3d6fe36ddc8db5b02f315e1ea047974e40dec1cc0675fb
But it's only in Yii1 master, not in any release …

Did i move to master for other fix : https://github.com/yiisoft/yii/pull/4306 for example

Or just apply patch ?

Denis

Apply manually? Then we update Yii when released.

Milstone for next release : https://github.com/yiisoft/yii/milestone/15

Oki,

Thank you.

Screenshot of cookies settings
FF VS Chrome

Capture d’écran du 2020-10-21 16-54-01.png (18,167 bytes)   

Capture d’écran du 2020-10-21 16-54-01.png (18,167 bytes)   

Capture d’écran du 2020-10-21 16-54-50.png (17,227 bytes)   

Capture d’écran du 2020-10-21 16-54-50.png (17,227 bytes)   

https://github.com/LimeSurvey/LimeSurvey/pull/1629

Fix committed to 3.x-LTS branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=30643

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=30645

Clone

Here comes an adjusted config.php file with the correct settings mentioned above (note the difference of "samesite" and "sameSite"!):

return array(
'components' => array(
'db' => array(
'connectionString' => 'mysql:host=localhost;port=3306;dbname=xxx;',
'emulatePrepare' => true,
'username' => 'xxx',
'password' => 'xxx/&',
'charset' => 'utf8mb4',
'tablePrefix' => 'lime_',
),
'session' => array (
'sessionName'=>'LS-MORCEARBZKUGPRIQ',
'cookieParams' => array(
'secure' => true,
'samesite' => 'none',
),

        // Uncomment the following lines if you need table-based sessions.
        // Note: Table-based sessions are currently not supported on MSSQL server.
        // 'class' => 'application.core.web.DbHttpSession',
        // 'connectionID' => 'db',
        // 'sessionTableName' => '{{sessions}}',
     ),     
    'urlManager' => array(
        'urlFormat' => 'path',
        'rules' => array(
            // You can add your own rules here
        ),
        'showScriptName' => true,
    )   
),  
// For security issue : it's better to set runtimePath out of web access
// Directory must be readable and writable by the webuser
// 'runtimePath'=>'/var/limesurvey/runtime/'
// Use the following config variable to set modified optional settings copied from config-defaults.php
'config'=>array(    
// debug: Set this to 1 if you are looking for errors. If you still get no errors after enabling this
// then please check your error-logs - either in your hosting provider admin panel or in some /logs directory
// on your webspace.
// LimeSurvey developers: Set this to 2 to additionally display STRICT PHP error messages and get full access to standard templates
    'debug'=>0,
    'debugsql'=>0, // Set this to 1 to enanble sql logging, only active when debug = 2
    // Update default LimeSurvey config here        
    'request' => array(
        'enableCsrfValidation'=>true,
        'csrfCookie' => array(
            'samesite' => 'none',
            'secure' => true,
        ),
    )
)

);