Dear Wolfgang,
i've added a followup change, such that that the omission of "-samesite"
flag
on ns_cookie does not result into a "samesite=none". This is more
conservative.
-g
On 01.09.20 10:18, Wolfgang Winkler via naviserver-devel wrote:
Dear Gustaf,
bthanks for the speedy fix. We've cherry picked the commit for 4.99.19
and it works flawlessly.
Cookie handling has become a catch up game lately, as browser vendors
are getting more and more creative without a proper standardization
process.
Regards,
wiwo
Am 31.08.20 um 12:54 schrieb Gustaf Neumann:
Wolfgang,
you are right, explicit setting of same-site=none is necessary now.
In previous versions of browsers, no explicit setting
of the same-site flag was exactly the same as explicit setting
(an implicit default of same-site=none)
Since some browsers switched to a default of "lax", explicit
setting became necessary.
Fixed now on bitbucket.
-gn
PS: it is not developer-friendly that the behavior is changed
on the fly.... On the client site, the disruptive behavior
change was intended, so changing the default value on the
server is probably not good - and is left unchanged.
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel
--
*Wolfgang Winkler*
Geschäftsführung
wolfgang.wink...@digital-concepts.com
mobil +43.699.19971172
dc:*büro*
digital concepts Novak Winkler OG
Software & Design
Landstraße 68, 5. Stock, 4020 Linz
www.digital-concepts.com <http://www.digital-concepts.com>
tel +43.732.997117.72
tel +43.699.1997117.2
Firmenbuchnummer: 192003h
Firmenbuchgericht: Landesgericht Linz
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel
