Fix SameSite=None being incompatible in old browsers/devices (!2010) · Merge requests · gitter / webapp · GitLab

This is an archived project. Repository and other project resources are read-only.

Eric Eastwood requested to merge 2579-fix-incompatible-samesite-none into develop Sep 11, 2020

Fix SameSite=None being incompatible in old browsers/devices

We use the should-send-same-site-none package to conditionally remove SameSite=None from cookies when we detect that a user agent isn't supported.

Testing

Tested on an old iPhone 6 with iOS 12.4.8 ✅
- Confirmed on beta-staging that the b_session and b_auth cookies do not have SameSite
Tested that sign in still works for a modern browser

Fix https://gitlab.com/gitlab-org/gitter/webapp/-/issues/2579

Edited Sep 11, 2020 by Eric Eastwood