Fix cookies not working cross-site (SameSite=None; Secure)
Fix #2441 (closed)
- Need to update a separate project, https://gitlab.com/gitlab-org/gitter/next-gitter-im/-/blob/8779382c9930e480abfd6b4948c1fbb9072322ae/index.html#L151-157
fflip: (feature toggle)
- We're using a fork of the npm package. But it looks like the official npm package hasn't been updated at all.
- The cookie setting is part of the package and we would need to add some more updates to set
- I think I'll just skip this one for now. The feature toggles are not necessary to work in Sidecar
- Google analytics
- Optimizely is being removed in !1995 (merged)
If you try to test locally in localhost dev, the cookie will be rejected because SameSite requires the Secure attribute with HTTPS. So we don't try to add SameSite in dev localhost.
This Set-Cookie was blocked because it had the "SameSite=None" attribute but did not have the "Secure" attribute, which is required in order to use "SameSite=None".
- Visit https://beta.gitter.im/ and deploy this branch to beta-staging
- Clear your cookies on beta
- Turn on beta-staging, https://gitlab.com/gitlab-org/gitter/webapp/-/blob/develop/docs/developer-faq.md#toggle-between-betabeta-staging
- Sign in to beta-staging
- Open the chrome devtools -> Application -> Cookies
- Notice the SameSite column and the
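
The rule this merge request describes (add `SameSite=None; Secure` only when served over HTTPS, and leave both off in localhost dev), sketched as an added example that is not the Gitter webapp's own code. The function names, the cookie name and value, and the simplified browser model are assumptions made for illustration.

```javascript
// Added example; all names here are hypothetical, not from the Gitter code base.

// Pick cookie attributes per environment: SameSite=None is only added when the
// site is served over HTTPS, because browsers require Secure alongside it.
function sessionCookieOptions({ https }) {
  const options = { path: '/', httpOnly: true };
  if (https) {
    options.secure = true;
    options.sameSite = 'None';
  }
  return options;
}

// Serialize the options into a Set-Cookie header value.
function serializeCookie(name, value, options) {
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (options.path) parts.push(`Path=${options.path}`);
  if (options.httpOnly) parts.push('HttpOnly');
  if (options.secure) parts.push('Secure');
  if (options.sameSite) parts.push(`SameSite=${options.sameSite}`);
  return parts.join('; ');
}

// Simplified model of the browser-side check (assumption: localhost
// exemptions that some browsers apply to Secure cookies are not modelled).
function browserVerdict(setCookie, { https }) {
  const attrs = new Map();
  for (const part of setCookie.split(';').slice(1)) {
    const [key, ...rest] = part.trim().split('=');
    attrs.set(key.toLowerCase(), rest.join('=').toLowerCase());
  }
  const secure = attrs.has('secure');
  if (attrs.get('samesite') === 'none' && !secure) {
    return 'blocked: SameSite=None without Secure';
  }
  if (secure && !https) {
    return 'blocked: Secure cookie over insecure connection';
  }
  return 'accepted';
}

// Constructed sample: the same session cookie in HTTPS and plain-HTTP dev.
for (const env of [{ https: true }, { https: false }]) {
  const header = serializeCookie('session', 'abc 123', sessionCookieOptions(env));
  console.log(env, header, '->', browserVerdict(header, env));
}
```
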