Adds config for samesite support #68
Probably will need these recommended helper functions for browsers which are incompatible with
https://www.chromium.org/updates/same-site/incompatible-clients Or implement like below:
Changes look good but the component is getting a tad complicated now. Anyway, I will merge tomorrow so I can release it as well. Thanks for the support man, good PR!
No worries :)
2 remarks and you're missing README changes.
Trying some stuff out and it seems like your default implementation of |
- extracted code which handles setting/getting cookies.
- added correct implementation of the legacy cookie fix according to the provided url
- added cookieSecurity attribute with default value based on runtime environment
- updated README
- ran builds
Yo. I couldn't help myself so I pushed some code and fixed the issues myself. I marked the new package as a major version (5.0.0) because the default cookieSecurity value might break very strict implementations.
Ok much thanks!
Opening a PR to address issue #67
This PR adds configuration options and proptypes that can handle setting samesite/first-party and crosssite/third-party cookies.
Samesite options go from strict to lax to none
These use strict or lax samesite options
These use option none, which sets cookie as samesite=none and secure=true (aka needs https)
Using below recommended implementation:
BROWSER SUPPORT FOR SECURITY 'SameSite' cookie attribute
Relevant links:
https://github.com/js-cookie/js-cookie#samesite
https://adzerk.com/blog/chrome-samesite/
https://web.dev/samesite-cookies-explained/
https://web.dev/samesite-cookie-recipes/
https://www.thinktecture.com/en/identity/samesite/samesite-in-a-nutshell/
https://www.thinktecture.com/en/identity/samesite/samesite-in-a-nutshell/#the-chrome-vs-safari-issue
https://www.chromium.org/updates/same-site/incompatible-clients
https://www.chromium.org/updates/same-site/test-debug
https://www.lambdatest.com/SameSite-cookie-attribute
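
The `SameSite=None` handling discussed in this PR (option none forces `Secure`, plus a legacy copy of the cookie for the clients listed at the chromium.org incompatible-clients link), as an added example that is not the component's own code. The function names, the `-legacy` suffix and the `consent` cookie name are assumptions made for illustration.

```javascript
// Added example, not the component's code. All names here are hypothetical.
const SAME_SITE = { STRICT: "strict", LAX: "lax", NONE: "none" };

// Decode a cookie token without throwing on malformed percent-encoding.
const safeDecode = (s) => { try { return decodeURIComponent(s); } catch { return s; } };

// Build one cookie string in the form accepted by document.cookie.
function serialize(name, value, { sameSite, secure, maxAgeDays = 365, path = "/" }) {
  const parts = [
    `${encodeURIComponent(name)}=${encodeURIComponent(value)}`,
    `Path=${path}`,
    `Max-Age=${maxAgeDays * 86400}`,
  ];
  if (sameSite) parts.push(`SameSite=${sameSite[0].toUpperCase()}${sameSite.slice(1)}`);
  if (secure) parts.push("Secure");
  return parts.join("; ");
}

// Returns the cookie strings to write for the requested SameSite mode.
function buildConsentCookies(name, value, { sameSite = SAME_SITE.LAX, secure = false } = {}) {
  if (!Object.values(SAME_SITE).includes(sameSite)) {
    throw new RangeError(`unknown sameSite value: ${sameSite}`);
  }
  if (sameSite !== SAME_SITE.NONE) {
    return [serialize(name, value, { sameSite, secure })];
  }
  return [
    // Browsers that enforce the new rules drop SameSite=None without Secure,
    // so Secure is forced regardless of the caller's setting.
    serialize(name, value, { sameSite, secure: true }),
    // Legacy copy carries no SameSite attribute at all, for clients that
    // reject or mishandle SameSite=None.
    serialize(`${name}-legacy`, value, { secure: true }),
  ];
}

// Read the value from a cookie header string (document.cookie format),
// preferring the primary cookie and falling back to the legacy copy.
function readConsent(cookieHeader, name) {
  const jar = new Map();
  for (const pair of cookieHeader.split(";")) {
    const eq = pair.indexOf("=");
    if (eq === -1) continue;
    jar.set(safeDecode(pair.slice(0, eq).trim()), safeDecode(pair.slice(eq + 1).trim()));
  }
  return jar.has(name) ? jar.get(name) : jar.get(`${name}-legacy`);
}
```

In a browser each returned string is assigned to `document.cookie` in turn, and `readConsent(document.cookie, "consent")` recovers the value whichever copy the client kept.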