Explicitly set SameSite attribute for cookies #352

Merged
floatingghost merged 1 commits from Oneric/akkoma-fe:cookie-samesite into develop 2023-12-15 11:54:15 +00:00
Contributor

Modern browsers start to tighten down on third-party access to cookies.
E.g. in current Firefox, a warning about the userLanguage cookie was
shown since it did not yet explicitly set the SameSite attribute and the
default is about to change.

The cookie name being referred to as BACKEND_LANGUAGE_COOKIE_NAME
suggests it should be readable by the actual Akkoma backend, which can
live at a different domain than akkoma-fe. Thus explicitly enable
sharing with third-party sites.

No warnings were shown for other cookies, so I assume
this was the only one not yet setting SameSite.

Modern browsers start to tighten down on third-party access to cookies. E.g. in current Firefox, a warning about the userLanguage cookie was shown since it did not yet explicitly set the SameSite attribute and the default is about to change. The cookie name being referred to as BACKEND_LANGUAGE_COOKIE_NAME suggests it should be readable by the actual Akkoma backend, which can live at a different domain than akkoma-fe. Thus explicitly enable sharing with third-party sites. No warnings were shown for other cookies, so I assume this was the only one not yet setting SameSite.
Oneric added 1 commit 2023-10-18 23:18:40 +00:00
ci/woodpecker/pr/woodpecker Pipeline was successful Details
ab250c2f3a
Explicitly set SameSite attribute for cookies
Modern browsers start to tighten down on third-party access to cookies.
E.g. in current Firefox, a warning about the userLanguage cookie was
shown since it did not yet explicitly set the SameSite attribute and the
default is about to change.

The cookie name being referred to as BACKEND_LANGUAGE_COOKIE_NAME
suggests it should be readable by the actual Akkoma backend, which can
live at a different domain than akkoma-fe. Thus explicitly enable
sharing with third-party sites.

No warnings were shown for other cookies, so I assume
this was the only one not yet setting SameSite.

yeah that makes sense - not sure how many people actually run it on a different domain, but this is ok

and yeah it does get read by the backend but not for very much of anything 🥴

thanks

yeah that makes sense - not sure how many people actually run it on a different domain, but this is ok and yeah it does get read by the backend but not for very much of anything 🥴 thanks
floatingghost merged commit 81c82e11bc into develop 2023-12-15 11:54:15 +00:00
floatingghost deleted branch cookie-samesite 2023-12-15 11:54:15 +00:00
Sign in to join this conversation.
No description provided.