Posted to commits@cordova.apache.org by GitBox <gi...@apache.org> on 2019/10/18 08:40:45 UTC

[GitHub] [cordova-android] meishier opened a new issue #850: Ready for Chrome 80's [Cookies default to SameSite=Lax] ?

URL: https://github.com/apache/cordova-android/issues/850
 
 
   I noticed warnings in my Chrome debug console:
   
   ```
   A cookie associated with a cross-site resource at http://xxx.xxx.xxx.xxx/ was set 
   without the SameSite attribute. A future release of Chrome will only deliver cookies
    with cross-site requests if they are set with SameSite=None and Secure. You can review 
   cookies in developer tools under Application>Storage>Cookies and see more details at 
   https://www.chromestatus.com/feature/5088147346030592 and 
   https://www.chromestatus.com/feature/5633521622188032.
   ```
   
   After some digging on Google, I tested:
   1. Add cookie header [SameSite=Lax] on the server.
   1. Run my Cordova Android application.
   1. My application does not work for authenticated users, because the cookie JSessionId is no longer sent to the server. (We send the cookie to the server from a local HTML file's WebView via Ajax or XHR.)
   
   Actually, Chrome tells us we should set SameSite=None+Secure for cookies in Chrome 80, and that is precisely a solution. But for some reason, we cannot do that. According to Apple's WKWebView [Bug 198181 - Cookies with SameSite=None or SameSite=invalid treated as Strict](https://bugs.webkit.org/show_bug.cgi?id=198181), the fix is only for 10.15 and iOS 13 and later versions, which means that if we set SameSite=None+Secure on the server, our iOS application will also not work on iOS 12 and earlier versions.
   
   Is there any other simple solution to deal with our situation? Any suggestions will be greatly appreciated.
   
   ref: https://textslashplain.com/2019/09/30/same-site-cookies-by-default

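One way a server could handle the conflict described in the issue above, as an added example that is not part of the original post or of cordova-android: send `SameSite=None` only to clients that honour it, and omit the attribute for the Apple versions the post says predate the WebKit fix (iOS before 13, macOS before 10.15). The function names, User-Agent patterns and sample strings are assumptions, and the backend is assumed to be served over HTTPS so that `Secure` cookies are accepted.

```javascript
// Constructed sample User-Agent strings (not taken from the issue).
const SAMPLE_UAS = {
  ios12Webview: 'Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148',
  ios13Webview: 'Mozilla/5.0 (iPhone; CPU iPhone OS 13_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148',
  androidChrome80: 'Mozilla/5.0 (Linux; Android 10; Pixel 3 Build/QQ1A; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/80.0.3987.99 Mobile Safari/537.36',
  mac1014Safari: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Safari/605.1.15',
  mac1014Chrome: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.99 Safari/537.36',
};

// Extract the Apple OS version from a User-Agent, or null if it is not iOS/macOS.
function parseAppleVersion(ua) {
  const ios = /\((?:iPhone|iPad|iPod)[^)]*\bOS (\d+)_/.exec(ua);
  if (ios) return { platform: 'ios', major: Number(ios[1]), minor: 0 };
  const mac = /\(Macintosh;[^)]*Mac OS X (\d+)_(\d+)/.exec(ua);
  if (mac) return { platform: 'macos', major: Number(mac[1]), minor: Number(mac[2]) };
  return null;
}

// True when the client is expected to treat SameSite=None as Strict (WebKit bug 198181).
function treatsNoneAsStrict(ua) {
  const v = ua ? parseAppleVersion(ua) : null;
  if (!v) return false;
  // Every iOS web view runs on the system WebKit, so the OS version decides.
  if (v.platform === 'ios') return v.major < 13;
  // On macOS, Chrome has its own cookie handling; only other WebKit clients count.
  const systemWebKit = /AppleWebKit\//.test(ua) && !/(Chrome|Chromium)\//.test(ua);
  return systemWebKit && (v.major < 10 || (v.major === 10 && v.minor < 15));
}

// Build the Set-Cookie value for a session cookie such as JSESSIONID.
function buildSessionCookie(name, value, ua) {
  // Reject characters outside the RFC 6265 token / cookie-octet sets so that
  // no extra attribute or header can be smuggled in through the value.
  if (!/^[\w!#$%&'*+\-.^`|~]+$/.test(name)) throw new Error('invalid cookie name');
  if (!/^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/.test(value)) throw new Error('invalid cookie value');
  const parts = [`${name}=${value}`, 'Path=/', 'HttpOnly', 'Secure'];
  // Affected clients get no SameSite attribute at all, which they treat as
  // "send cross-site"; every other client gets the explicit None + Secure.
  if (!treatsNoneAsStrict(ua)) parts.push('SameSite=None');
  return parts.join('; ');
}
```

User-Agent matching is a heuristic; a request with no recognised Apple version falls through to `SameSite=None; Secure`, which is what Chrome 80 requires for cross-site delivery.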