Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lapis_session warning on modern Firefox #692

Open
vadi2 opened this issue May 21, 2020 · 2 comments
Open

lapis_session warning on modern Firefox #692

vadi2 opened this issue May 21, 2020 · 2 comments

Comments

@vadi2
Copy link
Contributor

vadi2 commented May 21, 2020

Firefox console says the following:

Cookie “lapis_session” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Cookies
@turbo
Copy link
Contributor

turbo commented May 21, 2020

Chrome will, too. They've just paused the rollout because of the human malware: https://www.chromium.org/updates/same-site

@leafo
Copy link
Owner

leafo commented May 23, 2020

The cookie_attributes method will let you override any cookie parameters appended to set cookie response headers: https://leafo.net/lapis/reference/actions.html#request-object/cookies

Here's the default value: "Path=/; HttpOnly"

I was under the impression that browsers were going to be setting SameSite=Lax by default. I think Lax makes the most sense for a default here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@leafo @vadi2 @turbo