
Fix SameSite=None incompatible check not working

Merged Stan Hu requested to merge sh-fix-same-site-header-check into master
All threads resolved!

!40667 (merged) didn't actually work because we need to read the Rack HTTP_USER_AGENT entry from the request headers instead of the response headers.

Relates to #241785 (closed)

Edited by Stan Hu
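
The bug described above, reproduced as an added example that is not GitLab's code: a minimal Rack-style middleware that appends `SameSite=None` to cookies unless the client is known to mishandle it. The class name `SameSiteNoneDemo`, the `ua_source:` switch, the `cookie_for` helper and the simplified user-agent rule are assumptions made for illustration, and the `ssl?` check is omitted.

```ruby
# Added example, not GitLab's code: a minimal Rack-style middleware.
class SameSiteNoneDemo
  def initialize(app, ua_source:)
    @app = app
    @ua_source = ua_source # hypothetical switch: :response_headers (bug) or :request_env (fix)
  end

  def call(env)
    status, headers, body = @app.call(env)
    set_cookie = headers['Set-Cookie']&.strip
    return [status, headers, body] if set_cookie.nil? || set_cookie.empty?

    # Response headers never carry the client's User-Agent; the Rack env does.
    user_agent = @ua_source == :request_env ? env['HTTP_USER_AGENT'] : headers['User-Agent']
    return [status, headers, body] if same_site_none_incompatible?(user_agent)

    cookies = set_cookie.split("\n").map do |cookie|
      cookie.match?(/;\s*samesite=/i) ? cookie : "#{cookie}; SameSite=None"
    end
    [status, headers.merge('Set-Cookie' => cookies.join("\n")), body]
  end

  private

  # Simplified stand-in rule (assumption): Chrome 51-66 and iOS 12 browsers.
  def same_site_none_incompatible?(user_agent)
    return false if user_agent.nil? || user_agent.empty?

    chrome = user_agent[%r{Chrom(?:e|ium)/(\d+)}, 1]
    return true if chrome && chrome.to_i.between?(51, 66)

    user_agent.match?(/\(iP.+; CPU .*OS 12[_\d]* like Mac OS X/)
  end
end

# Constructed sample data: an app that sets one cookie, and two client user agents.
APP = ->(_env) { [200, { 'Set-Cookie' => 'session=abc; Secure; HttpOnly' }, ['ok']] }
IOS12 = 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15 ' \
        '(KHTML, like Gecko) Version/12.1.2 Mobile/15E148 Safari/604.1'
CHROME85 = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ' \
           '(KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36'

# Returns the Set-Cookie value the client would receive for the given lookup source.
def cookie_for(ua_source, user_agent)
  env = { 'REQUEST_METHOD' => 'GET', 'HTTP_USER_AGENT' => user_agent }
  _status, headers, _body = SameSiteNoneDemo.new(APP, ua_source: ua_source).call(env)
  headers['Set-Cookie']
end
```

With `:response_headers` the lookup is always `nil`, so the iOS 12 client still receives `SameSite=None`; with `:request_env` its cookie is left untouched.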


Activity

  • Stan Hu added 1 commit


    • 031e2392 - Fix SameSite=None incompatible check not working

    Compare with previous version

  • Stan Hu assigned to @splattael and unassigned @stanhu


  • Reviewer roulette

    Changes that require review have been detected! A merge request is normally reviewed by both a reviewer and a maintainer in its primary category (e.g. frontend or backend), and by a maintainer in all other categories.

    To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited, or the chosen person is unavailable.

    To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.

    Once you've decided who will review this merge request, mention them as you normally would! Danger does not automatically notify them for you.

    Category Reviewer Maintainer
    backend Amy Troschinetz (@atroschinetz) (UTC-7, same timezone as @stanhu) Douglas Barbosa Alexandre (@dbalexandre) (UTC-4, 3 hours ahead of @stanhu)

    If needed, you can retry the danger-review job that generated this comment.

    Generated by :no_entry_sign: Danger

    Edited by 🤖 GitLab Bot 🤖
  • Stan Hu assigned to @stanhu and unassigned @splattael


  • 30 30 set_cookie = headers['Set-Cookie']&.strip
    31 31
    32 32 return result if set_cookie.blank? || !ssl?
    33 return result if same_site_none_incompatible?(headers['User-Agent'])
    33 return result if same_site_none_incompatible?(env['User-Agent'])
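
    Review bot: On the added line 33, `env['User-Agent']` will not find the client's user agent. Rack stores request headers in `env` under CGI-style keys, so the value is at `env['HTTP_USER_AGENT']`, which is also the key the merge request description names. As written, `same_site_none_incompatible?` is still handed `nil`, the same as with `headers['User-Agent']` on the removed line, so the incompatible-client check cannot take effect. Suggest `return result if same_site_none_incompatible?(env['HTTP_USER_AGENT'])`, together with a spec that sends a known-incompatible user agent through the middleware and asserts that `Set-Cookie` is returned unchanged.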
  • Stan Hu added 1 commit


    • 0851e565 - Fix SameSite=None incompatible check not working

    Compare with previous version

  • Stan Hu changed the description


  • Stan Hu added 1 commit


    • 3f11dde5 - Fix SameSite=None incompatible check not working

    Compare with previous version

  • Stan Hu assigned to @splattael and unassigned @stanhu


  • Stan Hu mentioned in merge request !40667 (merged)


  • Peter Leitzen approved this merge request


  • Thanks @stanhu :bow:

    LGTM :thumbsup:

    Setting MWPS :100:

  • Peter Leitzen resolved all threads


  • Peter Leitzen enabled an automatic merge when the pipeline for 1ac740a7 succeeds


  • merged

  • Peter Leitzen mentioned in commit 670db777


  • added workflowcanary label and removed workflowstaging label

  • added workflowproduction label and removed workflowcanary label

  • This merge request has been deployed to the pre.gitlab.com environment, and will be included in the upcoming self-managed GitLab 13.5.0 release.


    :robot: This comment is generated automatically using the Release Tools project.

  • This merge request has been deployed to the release.gitlab.net environment, and will be included in the upcoming self-managed GitLab 13.5.0 release.


    :robot: This comment is generated automatically using the Release Tools project.
