
Add compatibility cookie for SameSite, with option to turn it off #1232

Merged: 2 commits merged into master from feat/legacy-cookies on Jan 21, 2022

Conversation

stevehobbsdev (Contributor)

Changes

#1229 introduced a change that set sameSite to none when using HTTPS. This can cause problems for older user agents that don't support this. This PR introduces a compatibility cookie where secure is set and sameSite is left blank, much like Auth0 Server behaviour as well as in Auth0 SPA SDK.

See https://www.chromium.org/updates/same-site/incompatible-clients for information on which browsers are affected.

In addition, a new configuration option legacySameSiteCookie is introduced to control this behaviour. It defaults to true when not configured, which enables the legacy SameSite cookie behaviour. Setting legacySameSiteCookie to false disables this behaviour.

References

#1229

Testing


  • This change adds unit test coverage
  • This change adds integration test coverage


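To make the two-cookie arrangement described above concrete, here is an added example (written for this page, not code from the PR or from the Auth0 libraries it mentions). It serialises both the modern cookie (Secure; SameSite=None) and the compatibility cookie (Secure, no SameSite attribute), honours a legacySameSiteCookie option with the same default the PR describes, and then runs both cookies through a constructed model of a cross-site request as seen by an "incompatible client" from the Chromium list (which treats SameSite=None as Strict) and by a modern browser (where an unset SameSite defaults to Lax). The cookie names, the `_compat` suffix, the attribute values and the cookie-jar model are assumptions for illustration only.

```javascript
// Added example: compatibility cookie for SameSite=None.
// Names, the "_compat" suffix and the browser model are assumptions, not the
// project's own conventions.

function cookieString(name, value, attrs) {
  // Serialise one Set-Cookie header value. Boolean `true` attributes are
  // emitted as bare flags (HttpOnly, Secure); `false`/undefined are skipped.
  const parts = [`${encodeURIComponent(name)}=${encodeURIComponent(value)}`];
  for (const [k, v] of Object.entries(attrs)) {
    if (v === true) parts.push(k);
    else if (v !== false && v !== undefined) parts.push(`${k}=${v}`);
  }
  return parts.join('; ');
}

function buildSetCookieHeaders(name, value, opts = {}) {
  // legacySameSiteCookie defaults to true, as in the PR description.
  const { secure = true, legacySameSiteCookie = true, maxAge = 600 } = opts;
  const common = { Path: '/', 'Max-Age': maxAge, HttpOnly: true };
  if (!secure) {
    // SameSite=None is only honoured together with Secure, so over plain HTTP
    // emit a single Lax cookie and no compatibility cookie.
    return [cookieString(name, value, { ...common, SameSite: 'Lax' })];
  }
  const headers = [
    cookieString(name, value, { ...common, Secure: true, SameSite: 'None' }),
  ];
  if (legacySameSiteCookie) {
    // Compatibility cookie: Secure is set, SameSite is left out entirely.
    headers.push(cookieString(`${name}_compat`, value, { ...common, Secure: true }));
  }
  return headers;
}

function parseSetCookie(header) {
  // Minimal parser for the header values produced above (assumed format).
  const [pair, ...attrs] = header.split('; ');
  const eq = pair.indexOf('=');
  const c = {
    name: decodeURIComponent(pair.slice(0, eq)),
    value: decodeURIComponent(pair.slice(eq + 1)),
    secure: false,
    sameSite: null,
  };
  for (const a of attrs) {
    const [k, v] = a.split('=');
    if (k.toLowerCase() === 'secure') c.secure = true;
    if (k.toLowerCase() === 'samesite') c.sameSite = String(v).toLowerCase();
  }
  return c;
}

// Constructed model of which cookies a browser attaches to a cross-site
// request over HTTPS (e.g. the callback POST from the authorization server).
function cookiesSentCrossSite(setCookieHeaders, { legacyClient }) {
  return setCookieHeaders.map(parseSetCookie).filter((c) => {
    if (legacyClient) {
      // Incompatible clients treat SameSite=None as Strict, so the modern
      // cookie is withheld; a cookie with no SameSite attribute is still sent
      // cross-site, as it was before SameSite existed.
      return c.sameSite !== 'none';
    }
    // Modern client: an unset SameSite defaults to Lax and is not attached to
    // a cross-site POST (this model ignores Chrome's temporary Lax+POST
    // allowance); only SameSite=None together with Secure is sent.
    return c.sameSite === 'none' && c.secure;
  });
}

function readCookie(cookies, name) {
  // Prefer the modern cookie, fall back to the compatibility cookie.
  const hit =
    cookies.find((c) => c.name === name) ||
    cookies.find((c) => c.name === `${name}_compat`);
  return hit ? hit.value : undefined;
}

// Stand-alone demo: which client sees which cookie on the cross-site callback.
const demoHeaders = buildSetCookieHeaders('auth_state', 'n0nce', { secure: true });
for (const legacyClient of [true, false]) {
  const sent = cookiesSentCrossSite(demoHeaders, { legacyClient });
  console.log(legacyClient ? 'legacy client:' : 'modern client:',
    sent.map((c) => c.name).join(','), '->', readCookie(sent, 'auth_state'));
}
```

The point the model makes is that neither cookie alone serves both populations: a modern browser drops the attribute-less cookie on a cross-site POST, and a legacy client drops the SameSite=None one. With legacySameSiteCookie set to false, the legacy client receives nothing on the callback and the read falls through to undefined, which is the failure the compatibility cookie exists to avoid.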
@stevehobbsdev stevehobbsdev requested a review from a team as a code owner January 20, 2022 12:28
@stevehobbsdev stevehobbsdev added the review:small Small review label Jan 20, 2022
stevehobbsdev (Contributor, Author)

Note for reviewers: it looks like the diff has a lot of formatting changes in it; I recommend turning off whitespace changes to dilute it a bit.

@stevehobbsdev stevehobbsdev merged commit 5eb72cf into master Jan 21, 2022
@stevehobbsdev stevehobbsdev deleted the feat/legacy-cookies branch January 21, 2022 11:52