gateway icon indicating copy to clipboard operation
gateway copied to clipboard
verified publisher icon envoyproxy

default on SameSite attribute unset for Oauth2 cookies

Open arkodg opened this issue 6 months ago • 2 comments

Revisits https://github.com/envoyproxy/gateway/pull/6289 which had set SameSite=Strict. This may cause some issues for specific flows

I had misinterpresented the meaning of Disabled earlier, it means Unset, and is separate from Samesite=None

arkodg avatar Jun 18 '25 20:06 arkodg

cc @vibe

arkodg avatar Jun 18 '25 20:06 arkodg

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 70.72%. Comparing base (3e14c49) to head (0192e03). Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #6347      +/-   ##
==========================================
- Coverage   70.75%   70.72%   -0.03%     
==========================================
  Files         220      220              
  Lines       37103    37089      -14     
==========================================
- Hits        26253    26233      -20     
- Misses       9314     9317       +3     
- Partials     1536     1539       +3

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:
  • :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

codecov[bot] avatar Jun 18 '25 20:06 codecov[bot]

Totally reasonable to default back to disabled / unset.

Thanks @arkodg

vibe avatar Jun 22 '25 01:06 vibe

/retest

shawnh2 avatar Jun 22 '25 04:06 shawnh2