WPO365 | SAMESITE

Description

Plugin for WordPress websites that require a user to sign in (e.g. with Microsoft using the WPO365 plugin) and that are loaded inside an iframe (e.g. inside a Microsoft Teams App / Tab or similar). The plugin overrides the pluggable WordPress function wp_set_auth_cookie to always set SameSite=None to enable third-party usage of cookies.

Prerequisites

  • The SameSite=None flag is only respected by browsers such as Chrome when the cookie’s Secure flag is set. Therefore the website must use SSL for the plugin to effectively enable browser support for 3rd party cookies.

Support

I will go to great length trying to support you if the plugin doesn’t work as expected. Go to our Support Page to get in touch. I haven’t been able to test our plugin in all endless possible WordPress configurations and versions so I am keen to hear from you and happy to learn!

Feedback

I am keen to hear from you so share your feedback with me on Twitter and help me get better!

Open Source

When you’re a developer and interested in the code you should have a look at the corresponding gist at github.

Installation

Perform the following steps to install the plugin:

  • Go to WP Admin > Plugins > Add new and search for WPO365.
  • Click Install to install the plugin.
  • Click Activate to activate the plugin.

Reviews

Setyembre 2, 2020 1 reply
This is a simple little solution that actually works. Easy set up, no hassle.
Read all 2 reviews

Contributors & Developers

“WPO365 | SAMESITE” is open source software. The following people have contributed to this plugin.

Contributors

Translate “WPO365 | SAMESITE” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

v1.4

  • Fix: Tested with latest versions of WordPress and PHP.

v1.3

  • Fix: Tested with latest versions of WordPress and PHP.

v1.2

  • Fix: Added support for PHP 8.

v1.1

  • Fix: The plugin would end up in an infinitely loop when using PHP 7.2 or older. This has been fixed by implementing a work-around that abuses the “path” or “domain” parameter of PHP’s “setcookie” function to sneak in the SameSite attribute because PHP does not escape semicolons.

v1.0

  • Initial version