Skip to content

cookie_domain config option for setting cookie on a wider domain #51657

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
AndyScherzinger merged 1 commit into from
Jun 17, 2025
Merged

cookie_domain config option for setting cookie on a wider domain #51657

AndyScherzinger merged 1 commit into from
Jun 17, 2025

Conversation

@SBizienFilippiPEReN
Copy link
Contributor

@SBizienFilippiPEReN SBizienFilippiPEReN commented Mar 24, 2025
edited
Loading

Summary

Adds a cookie_domain option to define to which domain(s) the cookies sent by Nextcloud are valid. By default, it is set to '' which is the safe option (i.e. the browser is instructed to send the cookie only for request to the exact same domain that issued it).

But when your instance is accessible over 2 domains, for example 'mycloud.mydomain.example' and 'sub.mycloud.mydomain.example', setting cookie_domain to 'mycloud.mydomain.example' will make the cookie valid for mycloud.mydomain.example and any subdomain (but not for mydomain.example).

Documentation : MDN / Cookies / Define where cookies are sent.

TODO

I've updated config.sample.php, but it's not clear where should this functionality should be documented.

Checklist

@SBizienFilippiPEReN SBizienFilippiPEReN requested a review from a team as a code owner March 24, 2025 09:47
@SBizienFilippiPEReN SBizienFilippiPEReN requested review from come-nc, icewind1991 and nfebe and removed request for a team March 24, 2025 09:47
icewind1991
icewind1991 approved these changes Mar 25, 2025
View reviewed changes
Copy link
Member

@icewind1991 icewind1991 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good otherwise

@SBizienFilippiPEReN
Copy link
Contributor Author

SBizienFilippiPEReN commented Mar 28, 2025

I also wondered if / how this option would be enforced for nextcloud apps. I don't know the codebase, so I can't tell if they will automatically pick this option for apps-defined cookies.

@icewind1991
Copy link
Member

icewind1991 commented Mar 28, 2025

Apps should generally not be doing their own cookie logic

come-nc
come-nc requested changes Mar 31, 2025
View reviewed changes
Copy link
Contributor

@come-nc come-nc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use typed version of the getter when possble (not possible in base.php as it’s not the same config class in use)

@SBizienFilippiPEReN SBizienFilippiPEReN force-pushed the cookie-domain branch 2 times, most recently from 6c904c5 to f5a89f0 Compare April 1, 2025 06:32
come-nc
come-nc requested changes Apr 7, 2025
View reviewed changes
@github-actions
Copy link
Contributor

github-actions bot commented Apr 8, 2025

Hello there,
Thank you so much for taking the time and effort to create a pull request to our Nextcloud project.

We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process.

Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6

Thank you for contributing to Nextcloud and we hope to hear from you soon!

(If you believe you should not receive this message, you can add yourself to the blocklist.)

@SBizienFilippiPEReN
Copy link
Contributor Author

SBizienFilippiPEReN commented May 16, 2025

Hello. Is there anything missing to this PR before merge ?

Thanks.

@AndyScherzinger AndyScherzinger merged commit 6f2fbef into nextcloud:master Jun 17, 2025
194 of 205 checks passed
@welcome
Copy link

welcome bot commented Jun 17, 2025

Thanks for your first pull request and welcome to the community! Feel free to keep them coming! If you are looking for issues to tackle then have a look at this selection: https://github.com/nextcloud/server/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22

@AndyScherzinger AndyScherzinger added this to the Nextcloud 32 milestone Jun 17, 2025
@joshtrichards joshtrichards mentioned this pull request Jul 3, 2025
Closed
8 tasks
@nextcloud-bot nextcloud-bot mentioned this pull request Aug 19, 2025
Merged
@skjnldsv skjnldsv removed this from the Nextcloud 32 milestone Sep 28, 2025
@skjnldsv skjnldsv modified the milestones: Nextcloud 33, Nextcloud 32 Sep 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@icewind1991 icewind1991 icewind1991 approved these changes

@come-nc come-nc come-nc approved these changes

@nfebe nfebe Awaiting requested review from nfebe nfebe is a code owner automatically assigned from nextcloud/server-backend

Assignees

No one assigned

Labels

feedback-requested

Projects

None yet

Milestone

Nextcloud 32

Development

Successfully merging this pull request may close these issues.

5 participants

@SBizienFilippiPEReN @icewind1991 @come-nc @AndyScherzinger @skjnldsv