Open mikechambers opened 5 years ago
fyi, this appears to have been fixed as of this morning. The cookie is now:
Q6dA7j3mn3WPBQVW4Fvv5izQXv0q+I9ddZfGro+PognXQwjW=v1YthRgw@@R5U
Not sure if the root cause was fixed, or the new cookie happened to not have invalid chars in name.
Definitely some issues with the system that generates those, we'll have to loop back to it.
Slightly hijacking this issue, but I started getting these warnings in Chrome, just thought I'd give a heads up:
A cookie associated with a cross-site resource at http://www.bungie.net/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
Please file that as a new issue, it’s important and worth tracking.
On Oct 4, 2019, at 12:45, Raziel notifications@github.com wrote:
Slightly hijacking this issue, but I started getting these warnings in Chrome, just thought I'd give a heads up:
A cookie associated with a cross-site resource at http://www.bungie.net/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
TFS 838484
Fyi, current name being sent is invalid again:
Q6dA7j3mn3WPBQVW4Fvu5imfAOkSy4pCZtyKuZSGrAWcAwPHGA@@
The "@" is an invalid character.
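The grammar behind these reports can be checked mechanically. The following is an added example, not part of the thread or of Bungie's code: it tests cookie pairs against the `token` rule of RFC 2616 Section 2.2 (cookie name) and the `cookie-octet` rule of RFC 6265 Section 4.1.1 (cookie value). The function names are hypothetical, the sample strings are the ones quoted in this thread, and a string with no "=" is treated entirely as the name, as the comment above describes it.

```python
"""Check cookie pairs against the RFC 6265 Section 4.1.1 grammar."""

# RFC 2616 Section 2.2: token = 1*<any CHAR except CTLs or separators>
SEPARATORS = set('()<>@,;:\\"/[]?={} \t')


def invalid_name_chars(name):
    """Return the characters that stop `name` from being a valid token."""
    return sorted({c for c in name
                   if c in SEPARATORS or ord(c) <= 0x20 or ord(c) >= 0x7F})


def invalid_value_chars(value):
    """Return the characters in `value` that are not cookie-octets."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]  # the value may be wrapped in DQUOTEs
    excluded = set(' ",;\\')  # whitespace, DQUOTE, comma, semicolon, backslash
    return sorted({c for c in value
                   if c in excluded or ord(c) <= 0x20 or ord(c) >= 0x7F})


def check_pair(pair):
    """Split a cookie-pair on the first '=' and report offending characters."""
    name, sep, value = pair.partition("=")
    return {
        "name": name,
        "has_equals": bool(sep),
        "bad_name_chars": invalid_name_chars(name),
        "bad_value_chars": invalid_value_chars(value),
    }


# Cookie strings as quoted in this thread.
ORIGINAL_REPORT = "Q6dA7j3mn3WPBQVW4Fvv5i/QXv0q+I9ddZfGro+PognXQwjW=v1YtlRgw@@h5k"
INVALID_AGAIN = "Q6dA7j3mn3WPBQVW4Fvu5imfAOkSy4pCZtyKuZSGrAWcAwPHGA@@"
LATEST = "Q6dA7j3mn3WPBQVW4Fvv5izQXv0q+I9ddZfGro+PognXQwjW=v1YthRgw@@R5U"

if __name__ == "__main__":
    for pair in (ORIGINAL_REPORT, INVALID_AGAIN, LATEST):
        result = check_pair(pair)
        verdict = "ok" if not (result["bad_name_chars"]
                               or result["bad_value_chars"]) else "INVALID"
        print(f"{verdict:8} name_bad={result['bad_name_chars']} "
              f"value_bad={result['bad_value_chars']} {pair}")
```

"@" and "/" are both `token` separators, so they are rejected in a name, while "@" is a legal `cookie-octet` and passes when it appears after the "=".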
I've asked our infrastructure team to look into this situation, but I've not heard back yet. I'll ping them again.
The Bungie server appears to be sending cookies with an invalid cookie name. Specifically, it is sending the following cookie name / value pair:
Q6dA7j3mn3WPBQVW4Fvv5i/QXv0q+I9ddZfGro+PognXQwjW=v1YtlRgw@@h5k
Looking at references online, "/" in cookie name appears to be invalid and is causing issues with some parsers (in my case in Dart).
For reference, from Mozilla:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
Another summary:
https://stackoverflow.com/questions/28891266/valid-characters-in-cookie-string
which references the appropriate RFCs (RFC 6265 Section 4 with RFC 2616 Section 2.2).
For reference here is the complete cookie header being returned from the server: