webcompat.com icon indicating copy to clipboard operation
webcompat.com copied to clipboard

Published 20 hours ago verified publisher icon webcompat

Run localhost over TLS (so cookies still work)

Open miketaylr opened this issue 5 years ago • 2 comments

Cookie “session” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

That would be a bummer.

miketaylr avatar Jul 21 '20 18:07 miketaylr

Oh whoops, I forgot about this:

https://github.com/webcompat/webcompat.com/blob/793511d946e13b9883327f7e9ba1390cad60de4e/config/init.py#L160-L164

What this means is some point soon, these cookies might get rejected for local development and we'll need to have localhost served over TLS.

miketaylr avatar Jul 21 '20 18:07 miketaylr

https://letsencrypt.org/docs/certificates-for-localhost/

miketaylr avatar Jul 21 '20 18:07 miketaylr