Fix #18695: Added `yii\web\Cookie::SAME_SITE_NONE` constant

framework/CHANGELOG.md

@@ -10,6 +10,7 @@ Yii Framework 2 Change Log
 - Enh #18669: Changed visibility of `yii\web\User::checkRedirectAcceptable()` to `public` (rhertogh)
 - Enh #18676: Added method `yii\helpers\BaseFileHelper::changeOwnership()` and properties `newFileMode`/`newFileOwnership` in `yii\console\controllers\BaseMigrateController` (rhertogh)
 - Bug #18678: Fix `yii\caching\DbCache` to use configured cache table name instead of the default one in case of MSSQL varbinary column type detection (aidanbek)
+- Enh #18695: Added `yii\web\Cookie::SAME_SITE_NONE` constant (rhertogh)
 
 
 2.0.42.1 May 06, 2021

framework/web/Cookie.php

@@ -33,6 +33,16 @@ class Cookie extends \yii\base\BaseObject
      * @see $sameSite
      */
     const SAME_SITE_STRICT = 'Strict';
+    /**
+     * SameSite policy None disables the SameSite policy so cookies will be sent in all contexts,
+     * i.e in responses to both first-party and cross-origin requests.
+     * E.g. a POST request from https://otherdomain.com to https://yourdomain.com will include the cookie.
+     * Note: If `sameSite` is set to None, the `secure` attribute must be set to `true` (otherwise the cookie will be blocked by the browser).
+     * @see $sameSite
+     * @see $secure
+     * @since 2.0.43
+     */
+    const SAME_SITE_NONE = 'None';
 
     /**
      * @var string name of the cookie
@@ -68,7 +78,7 @@ class Cookie extends \yii\base\BaseObject
     /**
      * @var string SameSite prevents the browser from sending this cookie along with cross-site requests.
      *
-     * See https://owasp.org/www-community/SameSite for more information about sameSite.
+     * See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite for more information about sameSite.
      *
      * @since 2.0.21
      */