[Koha-bugs] [Bug 26019] Koha should set SameSite attribute on cookies
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Aug 7 01:40:52 CEST 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
--- Comment #9 from David Cook <dcook at prosentient.com.au> ---
I notice some console errors saying "A cookie associated with a cross-site
resource at http://youtube.com/ was set without the `SameSite` attribute. A
future release of Chrome will only deliver cookies with cross-site requests if
they are set... with `SameSite=None` and `Secure`."
Is *this* the warning mentioned in
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019#c0?
If so, I think we can safely ignore it, except in cases where we're doing
Cross-Origin Resource Sharing (CORS) requests, but I don't see why we'd be
passing a cookie with a CORS request (unless you were doing a CORS request to
the API with a cookie but that seems problematic and unnecessary since you can
use OAuth2 or Basic Auth for the API).
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list