mahara-contributors team mailing list archive

[Doris Tam <1943525@xxxxxxxxxxxxxxxxxx>]

To test this bug:

Locally test this for 'http' mode.
1. Before applying the fix, open the developer console in the browser to see the 'SameSite' warning. This will appear on any page in Mahara.
2. After applying the patch, the console warning goes away.

Warning:
Cookie “mahara” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite


** Changed in: mahara
     Assignee: (unassigned) => Robert Lyon (robertl-9)

** Changed in: mahara
       Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: mahara-contributors
https://bugs.launchpad.net/bugs/1943525

Title:
  Cookie “mahara” will be soon rejected because it has the “SameSite”
  attribute set to “None”

Status in Mahara:
  In Progress

Bug description:
  Currently in Firefox on the console log it is warning about:
   Cookie “mahara” will be soon rejected because it has the “SameSite” attribute set to “None”

  This exists when viewing the site in http:// mode

  It doesn't seem to be an issue in https:// mode as the cookie can have
  the secure option there

  This can be fixed up by adding the SameSite cookie attribute to the
  session cookie / ctest cookie

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1943525/+subscriptions