Hi guys,

On Tue, Jan 21, 2020 at 11:49:43AM +0100, Christopher Faulet wrote:
> On 21/01/2020 at 09:14, [email protected] wrote:
> > Hello,
> >
> > With Chrome 80 release in February, HAProxy persistent session cookie
> > will not be working anymore for sites embedded into iframe on multiple
> > domains.
> >
> > See issue https://github.com/haproxy/haproxy/issues/361
> >
> > Have you planned something to manage that point soon?

Well, first, let's cool down a little bit. Browsers normally don't break the
web, or when they do so, it takes years or decades. Otherwise their users
simply roll back to the previous version or switch to more conservative
competitors. If some sites are totally insecure and stop working, it will
not be a big loss but these sites will not change any of their components
either. Most of the internet's infrastructure cannot afford to perform major
upgrades to new components just because some browser developers woke up a
morning thinking how cool it could be to drop support for something
currently working fine.

> Here is a quick patch that should fix the issue. It is a generic way to add
> attributes to a cookie. For instance:
>
>     cookie SRV insert secure attr "SameSite=Strict"
>
> Any comments?

I do :-) We should add "*" after the "[ attr ... ]" field in the doc since
you allow to repeat the attribute. I did it and merged it.

Thanks!
Willy

