Description
Bug Report
| Q | A |
|---|---|
| Version(s) | 2.4.0 |
Summary
Firefox warns about the laminas-hidden cookie. Specifically, it references the following documentation: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#samesitenone_requires_secure
The problem is that the cookie will be rejected by future browser versions.
Current behavior
laminas-hidden cookie is set with SameSite=None and without secure.
I believe the code responsible for this behaviour is located here: https://github.com/laminas/laminas-developer-tools/blob/2.4.x/view/laminas-developer-tools/toolbar/toolbar.js
How to reproduce
Enable the laminas-developer-tools toolbar. Visit your website. Observe the console output of your browser.
Expected behavior
No warnings should be thrown.
Since not all websites under development are served over a secure connection, I propose setting SameSite=Lax.
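
The condition reported above and the proposed `SameSite=Lax` setting, as an added example that is not code from toolbar.js or the laminas project. The function names, the cookie value `1` and the `path=/` attribute are assumptions; only the cookie name comes from the report.

```javascript
// Added example, not the project's code. Cookie strings below are constructed.

// Split "name=value; Attr; Attr=val" into a name, value and attribute map.
function parseCookieAttributes(cookieString) {
    const [pair, ...attrs] = cookieString.split(';').map((s) => s.trim());
    const eq = pair.indexOf('=');
    const parsed = {
        name: eq === -1 ? '' : pair.slice(0, eq),
        value: eq === -1 ? pair : pair.slice(eq + 1),
        attributes: {},
    };
    for (const attr of attrs) {
        if (attr === '') continue;
        const i = attr.indexOf('=');
        // Attribute names are case-insensitive; flags such as Secure have no value.
        const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
        parsed.attributes[key] = i === -1 ? true : attr.slice(i + 1).trim();
    }
    return parsed;
}

// Report the combination the MDN page describes: SameSite=None without Secure.
function auditCookie(cookieString) {
    const { attributes } = parseCookieAttributes(cookieString);
    const sameSite = typeof attributes.samesite === 'string'
        ? attributes.samesite.toLowerCase()
        : null;
    const problems = [];
    if (sameSite === 'none' && attributes.secure !== true) {
        problems.push('SameSite=None requires Secure');
    }
    return problems;
}

// Build a cookie with SameSite=Lax, which is valid over plain HTTP.
// Secure is added only when the page itself is served over HTTPS.
function buildToolbarCookie(name, value, protocol) {
    const parts = [`${name}=${encodeURIComponent(value)}`, 'path=/', 'SameSite=Lax'];
    if (protocol === 'https:') parts.push('Secure');
    return parts.join('; ');
}

// Constructed inputs: the reported attribute combination and the proposed one.
const reported = 'laminas-hidden=1; path=/; SameSite=None';
const proposed = buildToolbarCookie('laminas-hidden', '1', 'http:');
console.log(reported, '->', auditCookie(reported));
console.log(proposed, '->', auditCookie(proposed));
```

In a browser, the third argument would be `window.location.protocol` and the returned string would be assigned to `document.cookie`.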