lapis
lapis_session warning on modern Firefox
Firefox console says the following:
Cookie “lapis_session” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite” attribute, read https://developer.mozilla.org/docs/Web/HTTP/Cookies
Chrome will, too. They've just paused the rollout because of the human malware: https://www.chromium.org/updates/same-site
The cookie_attributes method will let you override any cookie parameters appended to set cookie response headers: https://leafo.net/lapis/reference/actions.html#request-object/cookies
Here's the default value: "Path=/; HttpOnly"
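As an added illustration (not code from the Lapis project or from the commenter above), here is a small Lapis app that overrides `cookie_attributes` so the session cookie is sent with an explicit `SameSite=Lax` and, when the request came in over HTTPS, `Secure`. The `(self, name, value)` parameter list and the use of `ngx.var.scheme` (OpenResty runtime) are assumptions made for this example; `name` and `value` are not needed here because the same attributes are applied to every cookie.

```lua
local lapis = require("lapis")
local app = lapis.Application()

-- Constructed example: replace the default "Path=/; HttpOnly" with attributes
-- that satisfy the Firefox/Chrome SameSite rules. Secure is added only on HTTPS
-- so that a plain-HTTP development server still gets its cookie stored.
-- Assumed signature: cookie_attributes(self, name, value); assumed runtime: OpenResty.
function app:cookie_attributes(name, value)
  local attrs = "Path=/; HttpOnly; SameSite=Lax"
  if ngx and ngx.var and ngx.var.scheme == "https" then
    attrs = attrs .. "; Secure"
  end
  return attrs
end

-- Any route that touches self.session causes lapis_session to be set on the
-- response, so this is enough to observe the new Set-Cookie header.
app:get("/", function(self)
  self.session.visits = (self.session.visits or 0) + 1
  return "visits: " .. self.session.visits
end)

return app
```

Run it with `lapis server`, request `/` twice, and check the `Set-Cookie` header in the browser's network panel: it should read `lapis_session=...; Path=/; HttpOnly; SameSite=Lax` (plus `Secure` over TLS), and the console warning goes away. If you need cross-site use of the cookie instead, the only browser-accepted combination is `SameSite=None; Secure`, which means the site must be served over HTTPS.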
I was under the impression that browsers were going to be setting SameSite=Lax by default. I think Lax makes the most sense for a default here.