You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2019/10/03 11:38:15 UTC

[GitHub] [couchdb] danielfoxp2 opened a new issue #2221: Cookie from cross-site without SameSite attribute

danielfoxp2 opened a new issue #2221: Cookie from cross-site without SameSite attribute
URL: https://github.com/apache/couchdb/issues/2221
 
 
   #  Summary
   Hello people.
   
   Chrome team are making changes in its cookie policy and it seems that it will affect Couchdb. As I didn't see this subject being discussed here I thought that would be good to start the discussion before Chrome breaks CouchDB.
   
   I'm developing an application that uses CouchDB and I'm using Cookie Authentication to allow my users to do things. Because of my architecture decisions my app demands CORS use.
   
   There is where new Chrome policy kicks in. Everytime I make a call to Couch I receive the warning:
   
   > A cookie associated with a cross-site resource at https://api.greatquestions.club/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
   
   So, I'm assuming that you are not aware of this yet and if I'm wrong, please accept my appologies and my only intention is bring this subject up in order to make CouchDB continue to work properly.
   
   p.s. I removed the issue template because I think that the summary is really self explanatory and therefore the remaining sections would only add duplicated info. If I did wrong, please let me know and I'll fix it.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services