Other: Cannot login to local environment: missing CookieSecurePolicy.Always? #1880

Open
2 of 7 tasks
szc126 opened this issue Jan 19, 2025 · 0 comments
Labels
bug/error Bugs and errors (timeout) complexity: unknown Unknown days of work priority: low Issues/Tasks that are not so important

Comments

@szc126
Collaborator

szc126 commented Jan 19, 2025

Website (required)

VocaDB

Describe the bug (required)

I had to add options.Cookie.SecurePolicy = CookieSecurePolicy.Always; to VocaDbWeb/Startup.cs for the login cookie (local dev environment) to be accepted.

local log:
[.NET ThreadPool Worker] WARN The cookie '.AspNetCore.Cookies' has set 'SameSite=None' and must also set 'Secure'.

browser console:

Cookie warnings 2
Cookie “XSRF-TOKEN” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite token
Cookie “XSRF-TOKEN” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite token

----

Cookie “.AspNetCore.Cookies” rejected because it has the “SameSite=None” attribute but is missing the “secure” attribute.

https://discord.com/channels/309072240639737866/1271565701601296506/1304288453952802887

Checklist (required)

Fill out the checklist. Use strikethroughs or leave fields empty if you don't know or are unable to check/test.

  • Searched VocaDB/vocadb for duplicate issues.
  • Tested on the beta site.
  • Tested on different browsers (e.g. Firefox, Chrome, Safari, Edge).
  • Checked in private mode.
  • Cleared browser cache and cookies.
  • Checked the DevTools console.
  • Checked the syslog (mods+ only).
@szc126 szc126 added the bug/error Bugs and errors (timeout) label Jan 19, 2025
@szc126 szc126 changed the title Cannot login in local environment Cannot login to local environment: missing CookieSecurePolicy.Always? Jan 19, 2025
@andreoda andreoda changed the title Cannot login to local environment: missing CookieSecurePolicy.Always? Other: Cannot login to local environment: missing CookieSecurePolicy.Always? Jan 27, 2025
@andreoda andreoda added priority: low Issues/Tasks that are not so important complexity: unknown Unknown days of work labels Jan 27, 2025
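
The two browser messages quoted in the report can be reproduced offline as a check over `Set-Cookie` header values. This is an added example, not code from the issue or from VocaDB; the cookie names are taken from the report, while the header values, the sample list and the function names are constructed for illustration.

```python
# Constructed sample Set-Cookie values. Cookie names come from the issue;
# the values and attribute sets are placeholders made up for this example.
SAMPLE_HEADERS = [
    ".AspNetCore.Cookies=PLACEHOLDER; path=/; samesite=none; httponly",
    ".AspNetCore.Cookies=PLACEHOLDER; path=/; secure; samesite=none; httponly",
    "XSRF-TOKEN=PLACEHOLDER; path=/",
]

VALID_SAMESITE = {"strict", "lax", "none"}


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {attribute: value}).

    Attribute names are lowercased because they are case-insensitive;
    flag attributes such as Secure map to an empty string.
    """
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit(header):
    """Return (name, verdict, reason) for the two conditions in the report."""
    name, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    secure = "secure" in attrs
    # Condition behind the '.AspNetCore.Cookies' rejection message.
    if samesite == "none" and not secure:
        return name, "rejected", "SameSite=None without Secure"
    # Condition behind the 'XSRF-TOKEN' warning message.
    if samesite not in VALID_SAMESITE:
        return name, "warning", "no valid SameSite attribute"
    detail = "SameSite=%s%s" % (samesite, ", Secure" if secure else "")
    return name, "accepted", detail


def audit_all(headers):
    """Audit every header value and keep the input order."""
    return [audit(h) for h in headers]


if __name__ == "__main__":
    for name, verdict, reason in audit_all(SAMPLE_HEADERS):
        print(f"{name:22} {verdict:9} {reason}")
```

Running it over response headers captured from a local instance shows which cookies a browser would drop before any login attempt is made.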