nextcloud
cookie_domain config option for setting cookie on a wider domain
Summary
Adds a cookie_domain option to define to which domain(s) the cookies sent by Nextcloud are valid. By default, it is set to '' which is the safe option (i.e. the browser is instructed to send the cookie only for request to the exact same domain that issued it).
But when your instance is accessible over 2 domains, for example 'mycloud.mydomain.example' and 'sub.mycloud.mydomain.example', setting cookie_domain to 'mycloud.mydomain.example' will make the cookie valid for mycloud.mydomain.example and any subdomain (but not for mydomain.example).
Documentation : MDN / Cookies / Define where cookies are sent.
TODO
I've updated config.sample.php, but it's not clear where should this functionality should be documented.
Checklist
- Code is properly formatted
- [x] Sign-off message is added to all commits
- [ ] Tests (unit, integration, api and/or acceptance) are included : not clear if applicable
- Screenshots before/after for front-end changes (n.a.)
- [ ] Documentation (manuals or wiki) has been updated or is not required
- Backports not requested where applicable (ex: critical bugfixes)
I also wondered if / how this option would be enforced for nextcloud apps. I don't know the codebase, so I can't tell if they will automatically pick this option for apps-defined cookies.
Hello there, Thank you so much for taking the time and effort to create a pull request to our Nextcloud project.
We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process.
Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6
Thank you for contributing to Nextcloud and we hope to hear from you soon!
(If you believe you should not receive this message, you can add yourself to the blocklist.)
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hello. Is there anything missing to this PR before merge ?
Thanks.
Thanks for your first pull request and welcome to the community! Feel free to keep them coming! If you are looking for issues to tackle then have a look at this selection: https://github.com/nextcloud/server/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22
![welcome[bot] avatar](https://avatars.githubusercontent.com/in/4141?v=4 "Published by a pub.dev verified publisher"){kind=small}