On Thu, Nov 26, 2020 at 1:33 PM Rahul Shirsat <
rahul.shir...@enterprisedb.com> wrote:

> Yes Akshay.
>
> I think we should go ahead and add this approach to the pgAdmin FAQs; we
> would not be fixing this in our code as we don't know when Apple would fix
> its issue.
>

Or, add these configs in the config_distro.py for Mac packages.

-- Ashesh

>
> On Thu, Nov 26, 2020 at 11:27 AM Akshay Joshi <
> akshay.jo...@enterprisedb.com> wrote:
>
>> Hi Rahul
>>
>> On Wed, Nov 25, 2020 at 4:07 PM Rahul Shirsat <
>> rahul.shir...@enterprisedb.com> wrote:
>>
>>> Hi Dave,
>>>
>>> Due to SameSite security issues in the Safari browser, some of the pgAdmin 4
>>> functionality isn't working (mostly the new tab functionality).
>>>
>>> The affected Safari Browser versions (marked in red) currently tested
>>> upon are:
>>>
>>>    1. v11.1.2
>>>    2. v12.1
>>>    3. v12.1.1
>>>    4. 13.1
>>>    5. 14.0.1
>>>
>>> Since v12, Safari has made some security fixes, due to which this issue
>>> has occurred. Strangely, the issue is not reproducible on v13, but is
>>> reproducible on its successor, i.e. v14.
>>>
>>> Possible solutions could be:
>>>
>>>    1. Reporting this to Safari & raising an RM for tracking purposes.
>>>    2. Suggesting that Safari users make the below changes in config.py or
>>>    config_distro as a workaround:
>>>
>>> *SESSION_COOKIE_SAMESITE = None*
>>>
>>> *SESSION_COOKIE_SECURE = True*
>>> (As we aren't going through any cross-site cookie transfer, this can be
>>> a handy option - but still risky..)
>>>
>>> I would suggest going with the 1st option or combination of both, but
>>> with caution.
>>>
>>
>>    In my opinion, we should go with both the options, as we have added
>> the above settings for security purposes.
>>
>>>
>>> --
>>> *Rahul Shirsat*
>>> Software Engineer | EnterpriseDB Corporation.
>>>
>>
>>
>> --
>> *Thanks & Regards*
>> *Akshay Joshi*
>> *pgAdmin Hacker | Principal Software Architect*
>> *EDB Postgres <http://edbpostgres.com>*
>>
>> *Mobile: +91 976-788-8246*
>>
>
>
> --
> *Rahul Shirsat*
> Software Engineer | EnterpriseDB Corporation.
>
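
An added example, not part of the thread or of pgAdmin's code: it renders the Set-Cookie value that the two settings discussed above would produce and flags combinations worth reviewing. It assumes Flask's documented semantics for `SESSION_COOKIE_SAMESITE` (Python `None` omits the attribute, the string `'None'` emits it); the cookie name, value and finding codes are constructed for illustration.

```python
from http.cookies import SimpleCookie

def session_cookie_header(cfg, name="session", value="constructed-id"):
    """Render the Set-Cookie value these settings would produce.

    Assumes Flask's documented semantics: Python None omits the SameSite
    attribute, while a string ('Lax', 'Strict', 'None') is emitted as-is.
    """
    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    morsel["path"] = "/"
    morsel["httponly"] = True
    if cfg.get("SESSION_COOKIE_SAMESITE") is not None:
        morsel["samesite"] = cfg["SESSION_COOKIE_SAMESITE"]
    if cfg.get("SESSION_COOKIE_SECURE"):
        morsel["secure"] = True
    return morsel.OutputString()

def audit(cfg):
    """Return finding codes (constructed names) for a session-cookie config."""
    samesite = cfg.get("SESSION_COOKIE_SAMESITE")
    secure = bool(cfg.get("SESSION_COOKIE_SECURE"))
    findings = []
    if samesite is None:
        # No attribute on the wire: each browser applies its own default.
        findings.append("samesite-omitted")
    elif str(samesite).lower() == "none" and not secure:
        # Browsers enforcing the newer cookie rules drop this cookie.
        findings.append("samesite-none-without-secure")
    if secure:
        # The cookie is never sent over plain http://, so the server
        # must be reached through HTTPS or sessions will not persist.
        findings.append("requires-https")
    return findings

if __name__ == "__main__":
    # Constructed configurations: the workaround as written in the thread,
    # and the string form that actually emits SameSite=None.
    samples = {
        "thread workaround": {"SESSION_COOKIE_SAMESITE": None, "SESSION_COOKIE_SECURE": True},
        "explicit 'None'": {"SESSION_COOKIE_SAMESITE": "None", "SESSION_COOKIE_SECURE": False},
    }
    for label, cfg in samples.items():
        print(label, "->", session_cookie_header(cfg), audit(cfg))
```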
