https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
Kyle M Hall changed:
What|Removed |Added
Status|Pushed to master|RESOLVED
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
--- Comment #24 from Fridolin Somers ---
Pushed to master for 22.05, thanks to everybody involved
--
You are receiving this mail because:
You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
Fridolin Somers changed:
What|Removed |Added
Version(s) released||22.05.00
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
--- Comment #23 from Owen Leonard ---
I've added an additional followup, so if RM would like another signoff please
reset the status.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
--- Comment #22 from Owen Leonard ---
Created attachment 133214
--> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133214&action=edit
Bug 26019: (follow-up) Set SameSite attribute on Cart cookies
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
--- Comment #21 from Owen Leonard ---
Created attachment 133213
--> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=133213&action=edit
Bug 26019: Add two other js cookies
Test plan:
Same as former patch. Use OPAC adv search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
Owen Leonard changed:
What|Removed |Added
Attachment #132804 is obsolete|0 |1
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
Owen Leonard changed:
What|Removed |Added
Status|Patch doesn't apply |Passed QA
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
Fridolin Somers changed:
What|Removed |Added
CC|
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
--- Comment #18 from Kyle M Hall ---
Created attachment 132805
--> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=132805&action=edit
Bug 26019: Add two other js cookies
Test plan:
Same as former patch. Use OPAC adv search
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
Kyle M Hall changed:
What|Removed |Added
Attachment #131836 is obsolete|0 |1
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
Kyle M Hall changed:
What|Removed |Added
Status|Signed Off |Passed QA
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
Kyle M Hall changed:
What|Removed |Added
CC||k...@bywatersolutions.com
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
Marcel de Rooy changed:
What|Removed |Added
Component|System Administration |Architecture, internals,
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
--- Comment #16 from Marcel de Rooy ---
Created attachment 131837
--> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=131837&action=edit
Bug 26019: Add two other js cookies
Test plan:
Same as former patch. Use OPAC adv
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
Marcel de Rooy changed:
What|Removed |Added
Attachment #130566 is obsolete|0 |1
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
Marcel de Rooy changed:
What|Removed |Added
Status|Needs Signoff |Signed Off
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
--- Comment #14 from Marcel de Rooy ---
Just a faint remark on:
+-sameSite => 'Lax'
I always tend to end parameter lines with a comma. Easier to add another one..
Does not mean that it needs correction now.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
Owen Leonard changed:
What|Removed |Added
Attachment #130565 is obsolete|0 |1
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
--- Comment #12 from Owen Leonard ---
Created attachment 130565
--> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=130565&action=edit
Bug 26019: Koha should set SameSite attribute on cookies
This patch modifies the way Koha
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
Owen Leonard changed:
What|Removed |Added
Patch complexity|--- |Small patch
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
Owen Leonard changed:
What|Removed |Added
Depends on||29940
Referenced Bugs:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
Owen Leonard changed:
What|Removed |Added
Assignee|koha-b...@lists.koha-commun |oleon...@myacpl.org
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
--- Comment #11 from Owen Leonard ---
Would it be a logical first step to explicitly set SameSite to Lax for the
cookies we set without a SameSite attribute?
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
--- Comment #10 from David Cook ---
Ahhh yes I assume that must be what this is about?
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#Fixing_common_warnings
If the browser is showing this warning for
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
--- Comment #9 from David Cook ---
I notice some console errors saying "A cookie associated with a cross-site
resource at http://youtube.com/ was set without the `SameSite` attribute. A
future release of Chrome will only deliver
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
--- Comment #8 from David Cook ---
I've actually been looking for cookies on sites I use, and for the most part I
don't see any actually setting SameSite. (Of course, many of the sites are
using ServiceWorker, and at a glance it's
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
--- Comment #7 from David Cook ---
So I'd argue it's not just a case of people creating a security risk by using
SameSite=None, but also a case of people breaking things by using
SameSite=Strict, which really just leaves
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
--- Comment #6 from David Cook ---
But what's the use case for a Koha staff user changing the SameSite value for a
cookie?
Due to deep linking (e.g. linking to a search result page and visiting it as an
authenticated user), I can't
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
--- Comment #5 from Tomás Cohen Arazi ---
(In reply to David Cook from comment #3)
> (In reply to Marcel de Rooy from comment #2)
> > Why wouldn't we add a preference like SameSiteCookie to include cookie names
> > that do not want
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
--- Comment #4 from Marcel de Rooy ---
(In reply to David Cook from comment #3)
> (In reply to Marcel de Rooy from comment #2)
> > Why wouldn't we add a preference like SameSiteCookie to include cookie names
> > that do not want to
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
--- Comment #3 from David Cook ---
(In reply to Marcel de Rooy from comment #2)
> Why wouldn't we add a preference like SameSiteCookie to include cookie names
> that do not want to default to Lax ?
Why should we let librarians
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
Marcel de Rooy changed:
What|Removed |Added
CC||m.de.r...@rijksmuseum.nl
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
--- Comment #1 from David Cook ---
I'm more interested in this one now after replying to your comment on Bug
25360.
I figure CGISESSID should be SameSite=Lax, but maybe other cookies could be
SameSite=Strict.
That being said...
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
David Cook changed:
What|Removed |Added
CC||dc...@prosentient.com.au
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26019
Tomás Cohen Arazi changed:
What|Removed |Added
See Also|