X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/b8e2d75014c89c9e345c3f940ec8743bd158df67..refs/pull/5280/head:/app/Config/session.php
diff --git a/app/Config/session.php b/app/Config/session.php
index c750e1ef9..f2ec2509f 100644
--- a/app/Config/session.php
+++ b/app/Config/session.php
@@ -1,6 +1,6 @@ env('SESSION_SECURE_COOKIE', null)
- ?? Str::startsWith(env('APP_URL'), 'https:'),
+ ?? Str::startsWith(env('APP_URL', ''), 'https:'),
 // HTTP Access Only
 // Setting this value to true will prevent JavaScript from accessing the
@@ -85,4 +85,11 @@ return [
 // do not enable this as other CSRF protection services are in place.
 // Options: lax, strict, none
 'same_site' => 'lax',
+
+
+ // Partitioned Cookies
+ // Setting this value to true will tie the cookie to the top-level site for
+ // a cross-site context. Partitioned cookies are accepted by the browser
+ // when flagged "secure" and the Same-Site attribute is set to "none".
+ 'partitioned' => false,
 ];
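Review bot: The fallback on the changed `Str::startsWith(env('APP_URL', ''), 'https:')` line fails open: with SESSION_SECURE_COOKIE unset and APP_URL missing, the expression resolves to false and the session cookie is issued without the Secure flag, with nothing telling the operator. The prefix match is also case-sensitive, so an APP_URL written as `HTTPS://…` would give the same result. I would document this next to the entry, e.g. `// Resolves to false when SESSION_SECURE_COOKIE is unset and APP_URL is missing or does not start with lowercase "https:".` The start of this hunk, including the array key, is not visible on the page.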
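Review bot: The comment added above `'partitioned' => false` does not tell an operator that this flag depends on the two settings beside it. `'same_site'` is fixed to `'lax'` directly above, and `secure` is derived from the environment, so flipping this to true alone would not give a working partitioned cookie; whether same_site is overridden elsewhere at runtime is not visible here. I would add a line such as `// Only enable together with "secure" => true and a same_site value of "none"; it has no useful effect with "lax".` As a style point, the hunk adds two blank lines before the comment block, and one would do.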