-
Notifications
You must be signed in to change notification settings - Fork 237
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Manage SameSite Cookie Settings #1126
Comments
If you are on the latest version of the SDK, we are already setting SameSite to |
Thank you for your information. As far as I know the cookie setting depends on the browser agent as there are incompatible clients: https://www.chromium.org/updates/same-site/incompatible-clients |
It looks like the fix for legacy cookies (issue #1112) is not in the latest NPM release 2.3.1:
|
@neolefty The legacy cookie fix PR is (unreleased) patch for 1.0.20 iteration of the (legacy) SDK. For the 2.* version, the cookie change for this SDK is already released |
I have an angular app using version 2.4.2 of the @microsoft/application-insights-web package and the SameSite issue doesn't happen in Chrome80 but I noticed that Edge Chromium Version 79.0.309.71 (Official build) (64-bit) is still writing no SameSite attribute that results in a warning (screenshot). |
@hiraldesai Could you delete the cookie and see if it writes it with the correct property? |
Was it also an issue on 2.3.1? |
The issue is that the URL must be https, otherwise we don't write the Secure; or SameSite=None settings. As SameSite requires Secure :-). and looking at the URL in the screenshot its http://localhost |
Ohhh, my bad! Sorry I should have figured it out on my own. Thank you for checking! |
Version 2.4.3 is now published to CDN and NPM and addresses this the SameSite issues, it also includes checks for incompatible clients. |
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
I was wondering how I can set the SameSite option for the Application Insights cookies. Chrome will change the behavior of SameSite cookies in Feb 2020 (https://www.chromestatus.com/feature/5088147346030592). Is there any documentation how the cookie options are set depending on the browser agent?
The text was updated successfully, but these errors were encountered: