Skip to content

Log for SameSite=None without Secure #24970

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
2 commits merged into from
Aug 18, 2020
Merged

Log for SameSite=None without Secure #24970

2 commits merged into from
Aug 18, 2020

Conversation

@Tratcher
Copy link
Member

@Tratcher Tratcher commented Aug 17, 2020
edited
Loading

Fixes #19939 Setting SameSite=None on a cookie without also setting secure will cause the cookie to be blocked by Chrome. This PR adds a warning log for this condition on all cookies.

We don't want to modify the cookie because we don't know that our modifications will work any better. E.g. if we add secure but the request wasn't https then it's not going to work anyways.

cc: @brockallen

@Tratcher Tratcher added this to the 5.0.0-rc1 milestone Aug 17, 2020
@Tratcher Tratcher requested a review from HaoK August 17, 2020 17:23
@Tratcher Tratcher requested a review from jkotalik as a code owner August 17, 2020 17:23
@Tratcher Tratcher self-assigned this Aug 17, 2020
@ghost ghost added the area-servers label Aug 17, 2020
@Tratcher Tratcher mentioned this pull request Aug 17, 2020
Closed
campersau
campersau reviewed Aug 17, 2020
View reviewed changes
@Tratcher Tratcher force-pushed the tratcher/samesitesecure branch from c91c441 to 7f18442 Compare August 18, 2020 17:09
@Tratcher Tratcher requested review from a team, SteveSandersonMS and halter73 as code owners August 18, 2020 17:09
@Tratcher Tratcher changed the base branch from master to release/5.0 August 18, 2020 17:09
@Tratcher Tratcher removed request for a team and SteveSandersonMS August 18, 2020 17:09
@Tratcher
Copy link
Member Author

Tratcher commented Aug 18, 2020

Rebased on release/5.0

@ghost
Copy link

ghost commented Aug 18, 2020

Hello @Tratcher!

Because this pull request has the auto-merge label, I will be glad to assist with helping to merge this pull request once all check-in policies pass.

p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (@msftbot) and give me an instruction to get started! Learn more here.

@ghost ghost merged commit bc40f40 into dotnet:release/5.0 Aug 18, 2020
@Tratcher Tratcher deleted the tratcher/samesitesecure branch August 18, 2020 21:55
@amcasey amcasey added area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions and removed area-runtime labels Aug 24, 2023
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@HaoK HaoK HaoK approved these changes

@jkotalik jkotalik Awaiting requested review from jkotalik

@halter73 halter73 Awaiting requested review from halter73

+1 more reviewer

@campersau campersau campersau left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@Tratcher Tratcher

Labels

area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions

Projects

None yet

Milestone

5.0.0-rc1

Development

Successfully merging this pull request may close these issues.

4 participants

@Tratcher @campersau @HaoK @amcasey