From d8521d454337b87ad50d914dd0d5bc7fb5a5a057 Mon Sep 17 00:00:00 2001
From: thisgun
Date: Fri, 31 Jan 2020 15:55:35 +0900
Subject: [PATCH] =?UTF-8?q?=ED=81=AC=EB=A1=AC=20=EB=B8=8C=EB=9D=BC?= =?UTF-8?q?=EC=9A=B0=EC=A0=80=2080=EB=B2=84=EC=A0=84=20samesite=20?= =?UTF-8?q?=EC=9D=B4=EC=8A=88=20=EB=8C=80=EC=9D=91=20=EC=BD=94=EB=93=9C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 common.php | 36 ++++++++++++++++++++++++++++++++----
 1 file changed, 32 insertions(+), 4 deletions(-)

diff --git a/common.php b/common.php
index dcd58135f..f7f42bd2a 100644
--- a/common.php
+++ b/common.php
@@ -216,10 +216,6 @@ ini_set("session.gc_divisor", 100); // session.gc_divisor는 session.gc_probabil
 session_set_cookie_params(0, '/');
 ini_set("session.cookie_domain", G5_COOKIE_DOMAIN);
-@session_start();
-//==============================================================================
-
-
 //==============================================================================
 // 공용 변수
 //------------------------------------------------------------------------------
@@ -227,6 +223,38 @@ ini_set("session.cookie_domain", G5_COOKIE_DOMAIN);
 // 기본적으로 사용하는 필드만 얻은 후 상황에 따라 필드를 추가로 얻음
 $config = get_config();
+// 본인인증 또는 쇼핑몰 사용시에만 secure; SameSite=None 로 설정합니다.
+if( $config['cf_cert_use'] || (defined('G5_YOUNGCART_VER') && G5_YOUNGCART_VER) ) {
+ // Chrome 80 버전부터 아래 이슈 대응
+ // https://developers-kr.googleblog.com/2020/01/developers-get-ready-for-new.html?fbclid=IwAR0wnJFGd6Fg9_WIbQPK3_FxSSpFLqDCr9bjicXdzy--CCLJhJgC9pJe5ss
+ if(!function_exists('session_start_samesite')) {
+ function session_start_samesite($options = array())
+ {
+ $res = @session_start($options);
+
+ // IE 브라우저 또는 엣지브라우저 일때는 secure; SameSite=None 을 설정하지 않습니다.
+ if( preg_match('/Edge/i', $_SERVER['HTTP_USER_AGENT']) || preg_match('~MSIE|Internet Explorer~i', $_SERVER['HTTP_USER_AGENT']) || preg_match('~Trident/7.0(; Touch)?; rv:11.0~',$_SERVER['HTTP_USER_AGENT']) ){
+ return $res;
+ }
+
+ $headers = headers_list();
+ krsort($headers);
+ foreach ($headers as $header) {
+ if (!preg_match('~^Set-Cookie: PHPSESSID=~', $header)) continue;
+ $header = preg_replace('~; secure(; HttpOnly)?$~', '', $header) . '; secure; SameSite=None';
+ header($header, false);
+ break;
+ }
+ return $res;
+ }
+ }
+
+ session_start_samesite();
+} else {
+ @session_start();
+}
+//==============================================================================
+
 define('G5_HTTP_BBS_URL', https_url(G5_BBS_DIR, false));
 define('G5_HTTPS_BBS_URL', https_url(G5_BBS_DIR, true));
 if ($config['cf_editor'])
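Review bot: The rewrite `$header = preg_replace('~; secure(; HttpOnly)?$~', '', $header) . '; secure; SameSite=None';` inside session_start_samesite strips a trailing `; HttpOnly` together with `; secure` and only re-adds `secure`, so wherever session.cookie_httponly is enabled (not visible in this hunk) the re-emitted session cookie loses its HttpOnly flag; keeping the captured group restores it: `$header = preg_replace('~; secure(; HttpOnly)?$~', '$1', $header) . '; secure; SameSite=None';`. The match `'~^Set-Cookie: PHPSESSID=~'` also hard-codes the default session name, so a deployment that changes `session.name` silently gets no SameSite attribute; `'~^Set-Cookie: ' . preg_quote(session_name(), '~') . '=~'` follows the configured name. `$_SERVER['HTTP_USER_AGENT']` is read unguarded three times and raises a notice for requests without that header (and under CLI); read it once into a local with an `isset()` fallback to `''`. Because `header($header, false)` appends rather than replaces, the response carries two Set-Cookie headers for the session id, which presumably is relied on so that plain-HTTP requests keep the non-secure cookie when the browser rejects the `secure` one — worth a comment if that is intended.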