rails_same_site_cookie
Default behaviour works fine for Safari, Chrome and Firefox. But can Microsoft Edge be added to this list?
I see there is a user agent to pin down behaviour to one browser using a regex. However, we want to leave the default behaviour and just add one extra browser: Microsoft Edge (it also changes the cookie to Lax and has to get a similar patch as with Chrome, where we change it to same_site=none instead).
What is the easiest way to accomplish this using the gem? Do I need to monkey patch the UserAgentChecker?
https://docs.microsoft.com/en-us/microsoft-edge/web-platform/site-impacting-changes
If you're saying you want to set the SameSite=None only for Microsoft Edge and have the gem do nothing for other browsers, that's exactly what the user_agent_regex configuration does. If you want to exclude Microsoft Edge you can also do that by creating a regex that just matches all non-Edge browsers. Does that answer your question?
Thanks for the reply. No, it's a bit different: we want to keep the current behaviour and include Microsoft Edge. Basically, with the gem added, everything now works correctly for Chrome+Safari but not yet for Microsoft Edge. Edge also needs SameSite=None added, as they followed the same SameSite=Lax change that Chrome applied earlier this year.
The gem should currently be working for Microsoft Edge; if it's not, that's a bug. I just tested with Edge 91.0.864.70 on Mac OS 11.4 and it set the SameSite=None directive. If you're not seeing that, make sure you're testing over https first and that you don't have a regex that's preventing it. If you're still not seeing SameSite=None, can you provide more details about your setup?
The user reports that under Windows 10 it doesn't work with Microsoft Edge. I asked for the user agent string and got this back as a reply:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.67
So I'm guessing this is the one not working. He reports the cookie is still of type SameSite=Lax. (And it works fine for myself under macOS, also using Chrome and Safari and even Firefox.)
I plugged this user agent string in as a test case and it seems to be working so I'm not really sure what might be going on here. The gem only sets SameSite=None if the SameSite directive isn't already set. Is it possible that your application or some other middleware is manually setting SameSite=Lax somewhere?
No, as it also works fine under macOS. I will reply in my Jira ticket that it should work. Maybe the user is experiencing some kind of caching of his cookie?
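Added example, not part of the thread and not code from the gem: one way to check the two things raised above (whether something already wrote SameSite=Lax before the gem ran, and whether SameSite=None arrives together with Secure) is to classify the raw Set-Cookie headers captured from the affected user's response. The method names and the sample headers are hypothetical and constructed for illustration.

```ruby
# Added diagnostic sketch; not code from rails_same_site_cookie.
# All method names and SAMPLE_SET_COOKIE are hypothetical / constructed.

# Split one Set-Cookie value into [cookie_name, {attribute => value}].
# Splitting on ';' only keeps the comma inside Expires dates intact.
def parse_set_cookie(line)
  parts = line.split(';').map(&:strip).reject(&:empty?)
  name = parts.shift.to_s.split('=', 2).first
  attrs = parts.each_with_object({}) do |part, acc|
    key, val = part.split('=', 2)
    acc[key.downcase] = val ? val.strip : true # flag attributes map to true
  end
  [name, attrs]
end

# Say what the SameSite state of one cookie means for this investigation.
def classify(attrs)
  same_site = attrs['samesite']
  return :unset if same_site.nil? # nothing upstream chose a value
  case same_site.to_s.downcase
  when 'none'   then attrs.key?('secure') ? :none_with_secure : :none_without_secure
  when 'lax'    then :explicit_lax    # written by the app or other middleware
  when 'strict' then :explicit_strict
  else :unrecognized
  end
end

# Accepts an array of header values or Rack's newline-joined string.
def audit_set_cookie(raw)
  Array(raw).flat_map { |v| v.to_s.split("\n") }
            .map(&:strip).reject(&:empty?)
            .to_h do |line|
              name, attrs = parse_set_cookie(line)
              [name, classify(attrs)]
            end
end

# Constructed sample response headers.
SAMPLE_SET_COOKIE = [
  '_app_session=abc123; path=/; HttpOnly; SameSite=Lax',
  'locale=en; path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT',
  'widget=1; path=/; SameSite=None',
  'sso=xyz; path=/; Secure; SameSite=None'
].join("\n")

audit_set_cookie(SAMPLE_SET_COOKIE).each { |n, s| puts "#{n}: #{s}" } if __FILE__ == $PROGRAM_NAME
```

A cookie reported as `:explicit_lax` carried that directive in the header as sent, which is the case the thread says the gem leaves alone; `:none_without_secure` is the case to recheck against the advice to test over https.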