ember-simple-auth icon indicating copy to clipboard operation
ember-simple-auth copied to clipboard

Published 20 hours ago verified publisher icon mainmatter

CookieStore SameSite warning in Firefox

Open eelke opened this issue 1 year ago • 0 comments

I have a project, using ember-simple-auth 6.0.0, and ember 5.3.

My application session store is very basic:

import CookieStore from 'ember-simple-auth/session-stores/cookie';

export default class ApplicationSessionStore extends CookieStore {
  sameSite = 'Strict';
}

This seems to work fine, however (only) in Firefox I see the following warning:

Cookie “ember_simple_auth-session-expiration_time” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite chunk.vendors-node_modules_formatjs_intl_lib_index_js-node_modules_clipboard_dist_clipboard_js-node-736ba6.7f8bb27ee02b0ae8b916.js line 358 > eval:16:3765

And the weird thing here is: the ember_simple_auth-session-expiration_time cookie has not even been set yet at this point. Only ember_simple_auth-session-session exists and is working fine.

eelke avatar Feb 15 '24 11:02 eelke