Edit Woo Core function wc_setcookie() for SameSite

ppmtech8102
(@ppmtech8102)

3 years, 12 months ago
One of my clients sells to the government and they buy thru a “punch out” system. What that means to me is an i-frame. Since Google’s enforcement of “SameSite = None” the i-frame won’t pass cookies. I’m pretty sure I need to edit the wc_setcooie() function in WooCommerce’s wp-corefunctions.php. But nothing I put in there works. Anybody know how to do this? They’re pretty desperate.
- This topic was modified 3 years, 12 months ago by ppmtech8102.
- This topic was modified 3 years, 12 months ago by ppmtech8102.

Viewing 3 replies - 1 through 3 (of 3 total)

gotgotf

(@gotgotf)

3 years, 12 months ago

It is not possible to send cookies to an Iframe from a web page.

Thread Starter

ppmtech8102

(@ppmtech8102)

3 years, 12 months ago

Let me rephrase. I need to set cookies in WordPress (especially WooCommerce) to SameSite = None. I think the way to do that is to edit the above referenced function, but I don’t know the correct PHP phrasing to make it work. Does anyone else?

simplejac

(@simplejac)

3 years, 9 months ago

Hello,
I’ve also has this issue, so here’s how I solved it.
This is not a perfect solution because you’ll need to edit WC core files. So every time you update this code gets over written.

In \wp-content\plugins\woocommerce\includes\wc-core-functions.php
On line 1041 – 1062

/**
 * Set a cookie - wrapper for setcookie using WP constants.
 *
 * @param  string  $name   Name of the cookie being set.
 * @param  string  $value  Value of the cookie.
 * @param  integer $expire Expiry of the cookie.
 * @param  bool    $secure Whether the cookie should be served only over https.
 * @param  bool    $httponly Whether the cookie is only accessible over HTTP, not scripting languages like JavaScript. @since 3.6.0.
 */
function wc_setcookie( $name, $value, $expire = 0, $secure = false, $httponly = false ) {
    if ( ! apply_filters( 'woocommerce_set_cookie_enabled', true, $name ,$value, $expire, $secure ) ) {
        return;
    }

    if ( ! headers_sent() ) {
        setcookie($name, $value, ['expires' => 0, 'path' =>  '/', 'domain' => COOKIE_DOMAIN, 'secure' => true, 'httponly' => true, 'samesite' => 'None']);
        //setcookie( $name, $value, $expire, COOKIEPATH ? COOKIEPATH : '/', COOKIE_DOMAIN, $secure, apply_filters( 'woocommerce_cookie_httponly', $httponly, $name, $value, $expire, $secure ) );
    } elseif ( Constants::is_true( 'WP_DEBUG' ) ) {
        headers_sent( $file, $line );
        trigger_error( "{$name} cookie cannot be set - headers already sent by {$file} on line {$line}", E_USER_NOTICE ); // @codingStandardsIgnoreLine
    }
}

Also in \wp-content\plugins\woocommerce\includes\wc-template-functions.php
On line 79 – 91

/**
 * When loading sensitive checkout or account pages, send a HTTP header to limit rendering of pages to same origin iframes for security reasons.
 *
 * Can be disabled with: remove_action( 'template_redirect', 'wc_send_frame_options_header' );
 *
 * @since  2.3.10
 */
function wc_send_frame_options_header() {
    if ( is_account_page() && ! is_customize_preview() ) {
        send_frame_options_header();
    } else if (isset($_COOKIE["cXMLBC"]) && is_checkout()) { 
        remove_action( 'template_redirect', 'wc_send_frame_options_header' );
    }
}
add_action( 'template_redirect', 'wc_send_frame_options_header' );

This reply was modified 3 years, 9 months ago by simplejac.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Edit Woo Core function wc_setcookie() for SameSite’ is closed to new replies.

Edit Woo Core function wc_setcookie() for SameSite

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics