Re: SameSite issues in Safari Browser (reference #RM5975)

2020-12-03 Thread Rahul Shirsat
Dave,

Please find below the corrected FAQ details.

Category : Troubleshooting

Question :
When I set new tab settings for query tool or schema-diff, I get
"Connection to server lost" or "CSRF tokens do not match" on Safari
versions >= 12

Answer:
This has been seen mostly on Safari browser versions >= 12. It's
reported that, from v12, CFNetwork/Safari/WebKit erroneously handles
"SameSite=None" as the equivalent of "SameSite=Strict". That is, Safari
recognizes the SameSite option starting with version 12, but its
implementation has a bug: it interprets invalid values as if
SameSite=Strict had been specified, and for it only Strict and Lax are
valid values, as the older specification did not yet specify None.

To solve this issue, we need to override the SameSite security settings.
For this, create a file called config_system.py (for the location in which
to create the file, refer to "The config.py file":
https://www.pgadmin.org/docs/pgadmin4/development/config_py.html). This
file can be used to override any of the settings in config.py (which
shouldn't be edited). The config_system.py file should have the below code:


SESSION_COOKIE_SAMESITE = None
SESSION_COOKIE_SECURE = True

Note that these changes are not recommended, and we highly recommend
that users use a different browser until the issue is resolved by
Apple.

Removed the OS-specific condition to make it generic for all distributions.
Added a warning note at the end of the FAQ.

On Wed, Dec 2, 2020 at 4:33 PM Dave Page wrote:

> Hi
>
> On Tue, Dec 1, 2020 at 5:51 PM Rahul Shirsat <
> rahul.shir...@enterprisedb.com> wrote:
>
>> Hi Dave,
>>
>> Could you please add the below FAQ point for the SameSite Safari issue:
>>
>> Question :
>> When I set new tab settings for query tool or schema-diff, I get
>> "Connection to server lost" or "CSRF tokens do not match" on Safari
>> versions >= 12
>>
>> Answer:
>> This has been seen mostly on Safari browser versions >= 12. It's
>> reported that, from v12, CFNetwork/Safari/WebKit erroneously handles
>> "SameSite=None" as the equivalent of "SameSite=Strict". That is, Safari
>> recognizes the SameSite option starting with version 12, but its
>> implementation has a bug: it interprets invalid values as if
>> SameSite=Strict had been specified, and for it only Strict and Lax are
>> valid values, as the older specification did not yet specify None.
>>
>> To solve this issue, we need to override the SameSite security
>> settings. For this, create a file called config_system.py in the web/
>> directory of the installation, alongside the existing config.py. This file
>> can be used to override any of the settings in config.py (which shouldn't
>> be edited). The config_system.py file should have the below code:
>>
>
> We could certainly add something like that, though, config_system.py
> doesn't go alongside config.py so that part of the text needs fixing.
>
>
>>
>> 
>> import sys
>>
>> # Targeting only macOS
>> if sys.platform.startswith('darwin'):
>>     SESSION_COOKIE_SAMESITE = None
>>     SESSION_COOKIE_SECURE = True
>> 
>>
>> Do suggest or add any points if I am missing them.
>>
>
> And that is not going to work in Server mode, only Desktop.
>
>
>
>>
>> Also, let me know once this is done, so that I will close the ticket.
>>
>> --
>> *Rahul Shirsat*
>> Senior Software Engineer | EnterpriseDB Corporation.
>>
>> On Mon, Nov 30, 2020 at 7:30 PM Rahul Shirsat <
>> rahul.shir...@enterprisedb.com> wrote:
>>
>>> This was part of our internal quality testing, where it was
>>> encountered. Currently, none of the users have complained about this on
>>> their specific browser versions.
>>>
>>> On Mon, Nov 30, 2020 at 5:12 PM Dave Page wrote:
>>>
>>>> Hi
>>>>
>>>> On Mon, Nov 30, 2020 at 7:12 AM Rahul Shirsat <
>>>> rahul.shir...@enterprisedb.com> wrote:
>>>>
>>>>> Dave,
>>>>>
>>>>> There are issues discussed on Apple forums, check this out:
>>>>>
>>>>> https://developer.apple.com/forums/thread/129064 - The latest comment
>>>>> by the user here is one month ago, meaning the issue is still not fixed
>>>>> yet.
>>>>> https://developer.apple.com/forums/thread/658688 - Users facing this
>>>>> issue in v13.x
>>>>>
>>>>> Even WebKit has confirmed this issue:
>>>>> https://bugs.webkit.org/show_bug.cgi?id=198181 - Users facing this
>>>>> issue in v12.x
>>>>>
>>>>
>>>> In that case, I think the answer (for now at least) is an FAQ,
>>>> referencing those issues and explaining how to resolve the issue using
>>>> config_system.py or by using a different browser.
>>>>
>>>> Have we actually seen this issue in the wild?
>>>>
>>>>
>>>>
>>>>>
>>>>> On Thu, Nov 26, 2020 at 6:57 PM Dave Page wrote:
>>>>>
>>>>>> Hi
>>>>>>
>>>>>> On Wed, Nov 25, 2020 at 10:37 AM Rahul Shirsat <
>>>>>> rahul.shir...@enterprisedb.com> wrote:
>>>>>>
>>>>>>> Hi Dave,
>>>>>>>
>>>>>>> Due to SameSite security issues in Safari Browser, some of the
>>>>>>> pgadmin4 functionality isn't working (mostly the new tab functionality).
>>>>>>>
>>> The affected Safari Browser versions (mar
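
Added example, not part of the original thread or of pgAdmin's code: a Python sketch of how the SESSION_COOKIE_SAMESITE values discussed in the message above reach the Set-Cookie header, and of what a client with the behaviour described in the FAQ answer then enforces. It assumes the Flask convention that Python None omits the attribute; the cookie name and value, the function names and the "unrestricted" label are constructed for illustration.

```python
from http.cookies import SimpleCookie


def set_cookie_header(samesite, secure=True):
    """Render a session Set-Cookie header for a SESSION_COOKIE_SAMESITE value.

    Assumes the Flask convention: Python None omits the attribute entirely,
    while the strings "None", "Lax" and "Strict" are emitted as written.
    """
    jar = SimpleCookie()
    jar["example_session"] = "constructed-id"  # placeholder name and value
    morsel = jar["example_session"]
    morsel["path"] = "/"
    morsel["httponly"] = True
    if secure:
        morsel["secure"] = True
    if samesite is not None:
        morsel["samesite"] = samesite
    return morsel.OutputString()


def samesite_attribute(header):
    """Return the SameSite value carried by a Set-Cookie header, or None."""
    for attr in header.split(";")[1:]:
        name, _, value = attr.strip().partition("=")
        if name.lower() == "samesite":
            return value
    return None


def effective_policy(header, affected_client):
    """Policy the client enforces for the cookie.

    affected_client=True models the behaviour described in the thread: only
    Strict and Lax are recognised and any other value is treated as Strict.
    Clients that default to Lax when the attribute is absent are not modelled.
    """
    value = samesite_attribute(header)
    if value is None:
        return "unrestricted"  # no attribute: cookie sent in all contexts
    if value.lower() in ("strict", "lax"):
        return value.lower()
    # Only the value "None" reaches this line in this example.
    return "strict" if affected_client else "unrestricted"


def compare(settings=(None, "None", "Lax")):
    """Map each setting to (header, policy on affected client, policy elsewhere)."""
    return {repr(s): (h, effective_policy(h, True), effective_policy(h, False))
            for s in settings for h in [set_cookie_header(s)]}
```

In this model the string "None" is enforced as Strict on the affected client, while Python None leaves the cookie without any SameSite restriction, so the Secure flag and the application's CSRF token check are what remain once the override is in place.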

Re: SameSite issues in Safari Browser (reference #RM5975)

2020-12-03 Thread Dave Page
Hi

Please check: https://www.pgadmin.org/faq/#13


Re: SameSite issues in Safari Browser (reference #RM5975)

2020-12-03 Thread Rahul Shirsat
Thanks Dave.

I have closed the issue.
