Explicitly set SameSite attribute for cookies #352

Merged

floatingghost merged 1 commit from Oneric/akkoma-fe:cookie-samesite into develop

2023-12-15 11:54:15 +00:00

Author	SHA1	Message	Date
Oneric	ab250c2f3a	Explicitly set SameSite attribute for cookies All checks were successful ci/woodpecker/pr/woodpecker Pipeline was successful Details Modern browsers start to tighten down on third-party access to cookies. E.g. in current Firefox, a warning about the userLanguage cookie was shown since it did not yet explicitly set the SameSite attribute and the default is about to change. The cookie name being referred to as BACKEND_LANGUAGE_COOKIE_NAME suggests it should be readable by the actual Akkoma backend, which can live at a different domain than akkoma-fe. Thus explicitly enable sharing with third-party sites. No warnings were shown for other cookies, so I assume this was the only one not yet setting SameSite.	2023-10-19 01:05:59 +02:00

Author

SHA1

Message

Date

Oneric

ab250c2f3a

Explicitly set SameSite attribute for cookies

ci/woodpecker/pr/woodpecker Pipeline was successful

Details

Modern browsers start to tighten down on third-party access to cookies.
E.g. in current Firefox, a warning about the userLanguage cookie was
shown since it did not yet explicitly set the SameSite attribute and the
default is about to change.

The cookie name being referred to as BACKEND_LANGUAGE_COOKIE_NAME
suggests it should be readable by the actual Akkoma backend, which can
live at a different domain than akkoma-fe. Thus explicitly enable
sharing with third-party sites.

No warnings were shown for other cookies, so I assume
this was the only one not yet setting SameSite.

2023-10-19 01:05:59 +02:00