From 56e9846450b9fc5c961974dafe4d0c1dff71b10e Mon Sep 17 00:00:00 2001
From: Guy Sartorelli
Date: Tue, 11 Mar 2025 13:10:22 +1300
Subject: [PATCH] ENH Make static publish cookie more secure
---
 src/Versioned.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/Versioned.php b/src/Versioned.php
index 0dc6d0d2..33b75197 100644
--- a/src/Versioned.php
+++ b/src/Versioned.php
@@ -2212,16 +2212,17 @@ public static function choose_site_stage(HTTPRequest $request)
 $request->getSession()->set('readingMode', $mode);
 }
+ // This cookie is for the silverstripe/staticpublishqueue module
 if (!headers_sent() && !Director::is_cli()) {
 if (Versioned::get_stage() === static::LIVE) {
 // clear the cookie if it's set
 if (Cookie::get('bypassStaticCache')) {
- Cookie::force_expiry('bypassStaticCache', null, null, false, true /* httponly */);
+ Cookie::force_expiry('bypassStaticCache', httpOnly: true, sameSite: Cookie::SAMESITE_STRICT);
 }
 } else {
 // set the cookie if it's cleared
 if (!Cookie::get('bypassStaticCache')) {
- Cookie::set('bypassStaticCache', '1', 0, null, null, false, true /* httponly */);
+ Cookie::set('bypassStaticCache', '1', 0, httpOnly: true, sameSite: Cookie::SAMESITE_STRICT);
 }
 }
 }
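Review bot: Neither new call sets the cookie's `Secure` attribute: `Cookie::set('bypassStaticCache', ...)` and `Cookie::force_expiry('bypassStaticCache', ...)` no longer pass the old explicit `false` for that argument, but they do not pass `true` either, so the result depends on a default that is not visible in this hunk. If that default is still `false`, the cookie is also sent over plain HTTP on a site served over HTTPS, which leaves the hardening in this commit incomplete. Assuming the parameter is named `secure`, consider `Cookie::set('bypassStaticCache', '1', 0, secure: Director::is_https($request), httpOnly: true, sameSite: Cookie::SAMESITE_STRICT);` and the same `secure:` argument on the `force_expiry` call. The added comment could also record the trade-off of `SAMESITE_STRICT`, e.g. `// SameSite=Strict: not sent on cross-site navigation, so the first request arriving from an external link presumably cannot bypass the static cache`. The body of `choose_site_stage` begins and ends outside this hunk.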