postman-app-support icon indicating copy to clipboard operation
postman-app-support copied to clipboard

Published 20 hours ago verified publisher icon postmanlabs

Cookies with Secure attribute not included for localhost

Open jonathanazulay opened this issue 4 years ago • 13 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Describe the Issue

When working with cookies having SameSite=None, browsers per standard requires the Secure attribute to be true in order to even set the cookie. This could potentially harm developer experience since most local dev environments are using insecure http://localhost. Chrome luckily has solved this by simply regarding localhost as "Secure" thus still including Secure cookies for http://localhost

I'm not sure how other browsers are doing it but I would be great if postman could do this as well. Seems like Secure cookies are added for neither localhost or localhost:3000.

Steps To Reproduce

  1. Open cookie window in request headers tab
  2. Add SecureCookiePostmanTest=foo; Secure; Path=/; HttpOnly; to localhost
  3. Do a reqeust towards localhost
  4. See how cookie is not included in Cookie response tab

Screenshots or Videos

No response

Environment Information

- Operating System: Mac OS 11.4
- Platform Type: Native App
- Postman Version: 8.9.0

Additional Context?

No response

jonathanazulay avatar Aug 02 '21 18:08 jonathanazulay

The issue is still there for 9.13.0

vorou avatar Feb 04 '22 23:02 vorou

Same issue with Version 9.14.7

numaga94 avatar Mar 02 '22 15:03 numaga94

Related to #4581

Postman for Windows Version 9.18.2 UI Version 9.18.2-ui-220511-0750 Desktop Platform Version 9.16.0 Architecture x64 OS Platform win32 10.0.22000

dgallego58 avatar May 16 '22 01:05 dgallego58

Same here! Postman v9.23.3 on Windows

ferrets6 avatar Jun 30 '22 18:06 ferrets6

same issue with Version 9.22.2 (9.22.2)

vforvikash avatar Jul 13 '22 14:07 vforvikash

same issue with Version 9.20.0-canary

shiva2021 avatar Sep 09 '22 11:09 shiva2021

Still an issue Version 9.31.0 (9.31.0)

ziring-tawfique avatar Oct 07 '22 13:10 ziring-tawfique

Still an issue in version 10.0.42 on Mac

svenjungnickel avatar Nov 02 '22 17:11 svenjungnickel

Still an issue in version 10.6.0 on Windows

MarceloBaeza avatar Dec 22 '22 17:12 MarceloBaeza

same issue here. works on Insomnia though.

MacOS 12.5 Postman 10.6.7

jpangelle avatar Jan 05 '23 20:01 jpangelle

maybe this can help someone, https://stackoverflow.com/questions/74402197/cookie-in-thunder-client-vs-code-extension

for me, set {secure: false} in cookie work.

DevPres avatar Feb 21 '23 22:02 DevPres

How is this still a problem.

sameert89 avatar Mar 30 '24 17:03 sameert89

I have the same issue cookies on localhost not supported

scienceman001 avatar Apr 18 '24 11:04 scienceman001