[erp5_core] Use SameSite=None cookie (!976) · Merge Requests · nexedi / erp5 · GitLab

[erp5_core] Use SameSite=None cookie

The Chrome dev team plans to change the default cookie behaviour by setting the SameSite attribute to Lax.

This will break OfficeJS access for Chrome 80 users, as the cookie will not be send anymore when erp5 would be accessed from the external web site.

In order to keep the current functionalities, one quick solution is too manually set the SameSite value to None.

Of course, doing it would prevent to get all the benefits of the Lax value. But I believe we would have to finish MR138 to get it.

Edited 2019-11-14 08:44:04 UTC

Request to merge romain:samesite into master

Discussion 2
Commits 1
Changes 1
{{ resolvedDiscussionCount }}/{{ discussionCount }} {{ resolvedCountText }} resolved

@jerome Jérome Perrin
@jerome
mentioned in merge request !802
2019-11-01 06:31:33 UTC

mentioned in merge request !802

Toggle commit list
@jerome Jérome Perrin
@jerome commented 2019-11-01 07:02:03 UTC

Owner

It seems we don't have any other options in the short term.

If we really needed the benefits of lax, it was already possible to change to SameSite=Lax before browsers vendors make this the default (we tried a few months ago and we did not do change for the same officejs compatibility).
@romain Romain Courteaud
@romain commented 2019-11-14 08:44:04 UTC

Owner

Merged by this commit
@romain Romain Courteaud
@romain
closed
2019-11-14 08:44:04 UTC

closed

Toggle commit list

Please register or sign in to post a comment