AkkomaGang/akkoma-fe
5
13
Fork 64
Code Issues 81 Pull requests 19 Projects Releases 1 Wiki Activity

Explicitly set SameSite attribute for cookies #352

Merged
floatingghost merged 1 commit from Oneric/akkoma-fe:cookie-samesite into develop 2023-12-15 11:54:15 +00:00
Conversation 1 Commits 1 Files changed 1 +1 -1
Oneric commented 2023-10-18 23:18:40 +00:00
Member
Copy link

Modern browsers start to tighten down on third-party access to cookies.
E.g. in current Firefox, a warning about the userLanguage cookie was
shown since it did not yet explicitly set the SameSite attribute and the
default is about to change.

The cookie name being referred to as BACKEND_LANGUAGE_COOKIE_NAME
suggests it should be readable by the actual Akkoma backend, which can
live at a different domain than akkoma-fe. Thus explicitly enable
sharing with third-party sites.

No warnings were shown for other cookies, so I assume
this was the only one not yet setting SameSite.

Modern browsers start to tighten down on third-party access to cookies. E.g. in current Firefox, a warning about the userLanguage cookie was shown since it did not yet explicitly set the SameSite attribute and the default is about to change. The cookie name being referred to as BACKEND_LANGUAGE_COOKIE_NAME suggests it should be readable by the actual Akkoma backend, which can live at a different domain than akkoma-fe. Thus explicitly enable sharing with third-party sites. No warnings were shown for other cookies, so I assume this was the only one not yet setting SameSite.
Oneric added 1 commit 2023-10-18 23:18:40 +00:00
Explicitly set SameSite attribute for cookies
All checks were successful
ci/woodpecker/pr/woodpecker Pipeline was successful
Details
ab250c2f3a 
Modern browsers start to tighten down on third-party access to cookies.
E.g. in current Firefox, a warning about the userLanguage cookie was
shown since it did not yet explicitly set the SameSite attribute and the
default is about to change.

The cookie name being referred to as BACKEND_LANGUAGE_COOKIE_NAME
suggests it should be readable by the actual Akkoma backend, which can
live at a different domain than akkoma-fe. Thus explicitly enable
sharing with third-party sites.

No warnings were shown for other cookies, so I assume
this was the only one not yet setting SameSite.
floatingghost commented 2023-12-15 11:54:12 +00:00
Owner
Copy link

yeah that makes sense - not sure how many people actually run it on a different domain, but this is ok

and yeah it does get read by the backend but not for very much of anything 🥴

thanks

yeah that makes sense - not sure how many people actually run it on a different domain, but this is ok and yeah it does get read by the backend but not for very much of anything 🥴 thanks
floatingghost merged commit 81c82e11bc into develop 2023-12-15 11:54:15 +00:00
floatingghost deleted branch cookie-samesite 2023-12-15 11:54:15 +00:00
mel referenced this pull request from a commit 2024-05-15 22:36:01 +00:00
Squashed commit of the following:
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
a11y

Issues and PRs about accessibility

  
Bug

Applies to issues describing bugs

  
Bug fix

Pull requests that squash bugs

  
Critical Priority

   
Documentation

  
Feature

Pull requests that implement new features

  
Feature request

Issues that request new features

  
Held for next release cycle

PR reviewed during release candidate phase, approved and held as PR

  
High Priority

   
Low Priority

   
Medium Priority

   
Minor change

For minor changes, ie CSS alignment changes

  
Translation/Locale

For changes related to translations

  
WIP

Work in progress

No labels
a11y
Bug
Bug fix
Critical Priority
Documentation
Feature
Feature request
Held for next release cycle
High Priority
Low Priority
Medium Priority
Minor change
Translation/Locale
WIP
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: AkkomaGang/akkoma-fe#352
No description provided.
Delete branch "Oneric/akkoma-fe:cookie-samesite"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?