mahara-contributors team mailing list archive

[Mahara Bot <1943525@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://reviews.mahara.org/c/mahara/+/12567
Committed: https://git.mahara.org/mahara/mahara/commit/27550c7b78c8b11f642fc1becff8b287bd132b56
Submitter: "Robert Lyon <robertl@xxxxxxxxxxxxxxx>"
Branch:    21.10_DEV

commit 27550c7b78c8b11f642fc1becff8b287bd132b56
Author: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
Date:   Sat Sep 11 15:49:00 2021 +1200

Bug 1943525: Setting the non https site cookies 'samesite' option

When we are using non-https site we need to define the samesite option
to be something other than 'none'
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite

So will set this to be 'lax' the new default value

Change-Id: If4011fff680e18ed4ca7600164fb9b64f815b9df
Signed-off-by: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
(cherry picked from commit 33f2b29b1c0331847489d7eacc720da7e21b58d8)

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: mahara-contributors
https://bugs.launchpad.net/bugs/1943525

Title:
  Cookie “mahara” will be soon rejected because it has the “SameSite”
  attribute set to “None”

Status in Mahara:
  Fix Committed
Status in Mahara 20.10 series:
  Fix Committed
Status in Mahara 21.04 series:
  Fix Committed
Status in Mahara 21.10 series:
  Fix Committed
Status in Mahara 22.04 series:
  Fix Committed

Bug description:
  Currently in Firefox on the console log it is warning about:
   Cookie “mahara” will be soon rejected because it has the “SameSite” attribute set to “None”

  This exists when viewing the site in http:// mode

  It doesn't seem to be an issue in https:// mode as the cookie can have
  the secure option there

  This can be fixed up by adding the SameSite cookie attribute to the
  session cookie / ctest cookie

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1943525/+subscriptions