keehl1213 opened a new issue #11810:
URL: https://github.com/apache/incubator-superset/issues/11810


   I wanted to embed a dashboard in an iframe, but got a cross-site issue. But I don't want to use `PUBLIC_ROLE_LIKE_GAMMA = True` and let everyone who knows the link access my dashboard. The solution I found was to set `SESSION_COOKIE_SAMESITE = None`. The feature has existed since Flask 1.0 [#2607](https://github.com/pallets/flask/pull/2607) [changelog](https://flask.palletsprojects.com/en/1.1.x/changelog/)
   
   But no matter what I set, the `samesite` attribute has never shown up.
   
   I can assure that Flask and Werkzeug are both the right version ([#1549](https://github.com/pallets/werkzeug/issues/1549)) and that I use the right config file.
   ### Expected Behavior
   
   ```http
   Set-Cookie: session=<session>; Expires=Mon, 23-Nov-2020 11:58:00 GMT; Path=/; secure; samesite=<whatever I set>
   ```
   
   ### Actual Behavior
   
   ```http
   Set-Cookie: session=<session>; Expires=Mon, 23-Nov-2020 11:58:00 GMT; Path=/; secure
   ```
   
   ### Example
   1. Try to set `samesite=strict` without secure.
   
   config.py
   ```python
   SESSION_COOKIE_SAMESITE = 'Strict'
   SESSION_COOKIE_HTTPONLY = False
   SESSION_COOKIE_SECURE = False
   ```
   result
   
![image](https://user-images.githubusercontent.com/9116623/100204291-ac4ae780-2f3e-11eb-8b1d-03a21006fd45.png)
   
   
   2. Try to set `samesite=lax` with secure.
   
   config.py
   ```python
   SESSION_COOKIE_SAMESITE = 'Lax'
   SESSION_COOKIE_HTTPONLY = False
   SESSION_COOKIE_SECURE = True
   ```
   
   result
   
![image](https://user-images.githubusercontent.com/9116623/100205281-dea91480-2f3f-11eb-9561-90bb3a5f76ca.png)
   
   ### Environment
   
   * Python version: 3.6
   * Flask version: 1.1.2
   * Werkzeug version: 1.0.1
   * Superset version: 0.999.0dev
   
   
   ### Checklist
   
   Make sure to follow these steps before submitting your issue - thank you!
   
   - [x] I have checked the superset logs for python stacktraces and included it here as text if there are any.
   - [x] I have reproduced the issue with at least the latest released version of superset.
   - [x] I have checked the issue tracker for the same issue and I haven't found one similar.
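
An added example (not part of the original issue or of Superset's code): a stdlib-only check that parses a `Set-Cookie` header like the ones shown above and reports whether `SameSite`, `Secure` and `HttpOnly` are present. The function names and finding labels are hypothetical, and the sample headers are constructed from the issue's expected and actual output.

```python
# Constructed samples modelled on the issue's "Actual" and "Expected" headers.
ACTUAL = "Set-Cookie: session=abc; Expires=Mon, 23-Nov-2020 11:58:00 GMT; Path=/; secure"
EXPECTED = ACTUAL + "; samesite=None"


def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, attrs); attribute names lowercased."""
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]  # split once: Expires also contains colons
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        # Flag attributes (secure, httponly) carry no value; record them as True.
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value, attrs


def audit_samesite(header):
    """Return a list of finding labels for one Set-Cookie header."""
    _, _, attrs = parse_set_cookie(header)
    findings = []
    samesite = attrs.get("samesite")
    secure = attrs.get("secure", False)
    if samesite is None:
        findings.append("samesite-missing")
    elif str(samesite).lower() not in ("strict", "lax", "none"):
        findings.append("samesite-invalid")
    elif str(samesite).lower() == "none" and not secure:
        # Current browsers reject SameSite=None cookies that lack Secure.
        findings.append("samesite-none-without-secure")
    if not secure:
        findings.append("secure-missing")
    if "httponly" not in attrs:
        findings.append("httponly-missing")
    return findings


if __name__ == "__main__":
    for label, hdr in (("actual", ACTUAL), ("expected", EXPECTED)):
        print(label, audit_samesite(hdr))
```

Running the same check against the header captured from a live response shows whether the configured value reached the wire, independent of what the browser's developer tools display.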
   
   

