Form: added disableSameSiteProtection()

see https://forum.nette.org/cs/32609-nette-samesite-trvale-jak-resit-iframe

Author: dg

src/Application/UI/Form.php

@@ -20,6 +20,9 @@ class Form extends Nette\Forms\Form implements ISignalReceiver
 	/** @var callable[]&(callable(Form $sender): void)[]; Occurs when form is attached to presenter */
 	public $onAnchor;
 
+	/** @var bool */
+	private $sameSiteProtection = true;
+
 
 	/**
 	 * Application form constructor.
@@ -97,6 +100,15 @@ public function isAnchored(): bool
 	}
 
 
+	/**
+	 * Disables CSRF protection using a SameSite cookie.
+	 */
+	public function disableSameSiteProtection(): void
+	{
+		$this->sameSiteProtection = false;
+	}
+
+
 	/**
 	 * Internal: returns submitted HTTP data or null when form was not submitted.
 	 */
@@ -143,7 +155,7 @@ public function signalReceived(string $signal): void
 			$class = get_class($this);
 			throw new BadSignalException("Missing handler for signal '$signal' in $class.");
 
-		} elseif (!$this->getPresenter()->getHttpRequest()->isSameSite()) {
+		} elseif ($this->sameSiteProtection && !$this->getPresenter()->getHttpRequest()->isSameSite()) {
 			$this->getPresenter()->detectedCsrf();
 
 		} elseif (!$this->getPresenter()->getRequest()->hasFlag(Nette\Application\Request::RESTORED)) {