Reviewed: https://reviews.mahara.org/c/mahara/+/12134 Committed: https://git.mahara.org/mahara/mahara/commit/33f2b29b1c0331847489d7eacc720da7e21b58d8 Submitter: "Gold <[email protected]>" Branch: main
commit 33f2b29b1c0331847489d7eacc720da7e21b58d8 Author: Robert Lyon <[email protected]> Date: Sat Sep 11 15:49:00 2021 +1200 Bug 1943525: Setting the non https site cookies 'samesite' option When we are using non-https site we need to define the samesite option to be something other than 'none' https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite So will set this to be 'lax' the new default value Change-Id: If4011fff680e18ed4ca7600164fb9b64f815b9df Signed-off-by: Robert Lyon <[email protected]> -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: mahara-contributors https://bugs.launchpad.net/bugs/1943525 Title: Cookie “mahara” will be soon rejected because it has the “SameSite” attribute set to “None” Status in Mahara: In Progress Status in Mahara 20.10 series: Confirmed Status in Mahara 21.04 series: Confirmed Status in Mahara 21.10 series: Confirmed Status in Mahara 22.04 series: In Progress Bug description: Currently in Firefox on the console log it is warning about: Cookie “mahara” will be soon rejected because it has the “SameSite” attribute set to “None” This exists when viewing the site in http:// mode It doesn't seem to be an issue in https:// mode as the cookie can have the secure option there This can be fixed up by adding the SameSite cookie attribute to the session cookie / ctest cookie To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1943525/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
