Open jahlen opened 3 years ago
Hey @jahlen, there were some fixes that went out relating to how Functions could be used for setting cookies. Is this issue still happening?
Hey @miwebst, yes the problem remains. The cookie is still set as samesite=strict even if I set it to lax:
req.HttpContext.Response.Cookies.Append(CookieName, state, new CookieOptions { HttpOnly = true, SameSite = SameSiteMode.Lax, Secure = true});
Here is the source code.
I've tried many ways to circumvent it, but I always get a samesite=strict cookie.
Hi @jahlen, thanks for bringing this to our attention! We are looking into this and will post here when we have a fix for this out. Thanks for your patience!
Hey @mkarmark, is there any update on this issue?
I'm running into the same problem: any cookie returned by an Azure function (I'm using a static web app + functions) with SameSite set to lax is changed to strict.
I'm using Node. My project is set up with a proxy, but this issue also happens for functions that don't match the proxy.
context.res = {
  status: 200,
  cookies: [{
    name: 'HelloWorld',
    value: 'abc',
    path: '/',
    sameSite: 'Lax',
  }],
};
My temporary workaround is to return the cookie string to the front end and set it from there...but that is far from ideal.
Pinging this thread again. Any updates?
I ran into the same issue, apparently; it happens only in Chrome, while it works perfectly fine in Safari. At least this is what happens to me. Are you using Chrome?
I was indeed testing on Chrome.
@re-sounding, apparently there is a bug related to cookies with Google Chrome; they are planning something long term with their cookies -> https://blog.google/products/chrome/updated-timeline-privacy-sandbox-milestones/ You can read more here: https://blog.heroku.com/chrome-changes-samesite-cookie
According to my investigation, setting sameSite to 'Lax' solves the Chrome issue, but I found Azure-function doesn't set sameSite at all, it completely ignores it! It's apparently another bug for Function app :(
PS: I'm using Node + FunctionApp
Any update on the function app side?
Hi, any update on this issue? Having the same issue described above...
Hi!
I have developed a quickstart template for Azure Static Web App / Hugo / Netlify CMS. https://github.com/jahlen/hugo-azure-static-webapp
It implements Netlify CMS to GitHub authentication via an Azure Function (found under /api/OAuth.cs). For the OAuth authentication, I tried saving the state in a cookie, but it won't work. Here's my code where I set the cookie:
The problem is that the cookie is NOT included when the user is sent to the redirect_uri, even if it is on the same domain. If I manually go to the redirect_uri in my browser, the cookie will be included. Maybe this is a difference in behavior between strict and lax? I note that it sets samesite to strict even if I specify it to be lax.
Anything wrong I am doing with the cookie?
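
The Strict versus Lax difference raised in the original post, as an added example that is not code from this thread or from Azure: it parses a `Set-Cookie` header, reports when the emitted SameSite value differs from the requested one, and models whether a browser would attach the cookie on an OAuth callback versus a manually typed visit. The cookie name, header values and function names are constructed for illustration, and the browser model is a simplification of the SameSite rules.

```javascript
// Added example; the cookie name and header values below are constructed.

// Split one Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs.filter(Boolean)) {
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Simplified SameSite model: would the browser attach this cookie to the request?
//   req.crossSite - the navigation was started by a page on another site
//   req.topLevel  - the request changes the URL shown in the address bar
function browserSendsCookie(cookie, req) {
  // A missing attribute is treated as Lax here, as Chrome does.
  const mode = String(cookie.attrs.samesite || 'Lax').toLowerCase();
  if (!req.crossSite) return true;                        // same-site or typed URL
  if (mode === 'none') return cookie.attrs.secure === true;
  if (mode === 'lax') return req.topLevel && ['GET', 'HEAD'].includes(req.method);
  return false;                                           // strict: never cross-site
}

// Compare the SameSite value the function asked for with what the response carried.
function sameSiteMismatch(requested, header) {
  const actual = String(parseSetCookie(header).attrs.samesite || '(absent)');
  return actual.toLowerCase() === requested.toLowerCase()
    ? null
    : `requested SameSite=${requested}, response carried SameSite=${actual}`;
}

// Redirect back from the OAuth provider vs. pasting redirect_uri into the address bar.
const OAUTH_CALLBACK = { crossSite: true, topLevel: true, method: 'GET' };
const MANUAL_VISIT = { crossSite: false, topLevel: true, method: 'GET' };

const observed = 'oauth_state=abc123; Path=/; Secure; HttpOnly; SameSite=Strict';
const intended = 'oauth_state=abc123; Path=/; Secure; HttpOnly; SameSite=Lax';

console.log(sameSiteMismatch('Lax', observed));
console.log('strict, callback:', browserSendsCookie(parseSetCookie(observed), OAUTH_CALLBACK));
console.log('strict, manual:  ', browserSendsCookie(parseSetCookie(observed), MANUAL_VISIT));
console.log('lax, callback:   ', browserSendsCookie(parseSetCookie(intended), OAUTH_CALLBACK));
```

Running `sameSiteMismatch` against the header captured from the deployed function's response (for example from the browser's network panel) shows whether the platform rewrote the attribute before it reached the client.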