Closed (blipk closed 1 year ago)
The issue was in the setCookie function in CookieManager.jsx.
samesite: "strict",
should be sameSite: "strict",
Looks like this isn't maintained, so I'm not going to bother with a PR for just that change. I have fixed it myself with a fork, and so can anyone else if they read this.
@blipk if I implement this change, does the security note in the readme no longer apply?
Security Note: In shared domains such as share.streamlit.io, other web developers can have access to the cookies you set and the same goes for you. This is not to be treated as a security bug but a circumstance the developer needs to be aware of.
Thanks @blipk for identifying a fix. It would have been great making a PR for it, and I will make sure to approve it and make a new version of the package including it.
They are also not "Secure":
Using this code:
Same with locally hosted or on streamlit cloud.
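An added example, not code from this thread or from the package: it shows how a miscased option key such as samesite is silently dropped by a case-sensitive property lookup, and a strict wrapper that rejects such keys instead. The serializer, the option list and all function names are constructed for illustration and stand in for whatever cookie library the component calls.

```javascript
// Constructed example: stand-in serializer, not the package's or any library's code.
const KNOWN_OPTIONS = ["path", "domain", "expires", "maxAge", "secure", "sameSite"];

// Builds a cookie string, reading only exact camelCase keys (plain property lookup).
function serializeCookie(name, value, opts = {}) {
  const parts = [`${encodeURIComponent(name)}=${encodeURIComponent(value)}`];
  if (opts.path) parts.push(`Path=${opts.path}`);
  if (opts.domain) parts.push(`Domain=${opts.domain}`);
  if (opts.expires) parts.push(`Expires=${opts.expires.toUTCString()}`);
  if (opts.maxAge != null) parts.push(`Max-Age=${opts.maxAge}`);
  if (opts.secure) parts.push("Secure");
  if (opts.sameSite) {
    const s = String(opts.sameSite).toLowerCase();
    parts.push(`SameSite=${s[0].toUpperCase()}${s.slice(1)}`);
  }
  return parts.join("; ");
}

// Lists option keys the serializer would ignore, with the intended
// spelling when only the letter case differs.
function findIgnoredOptions(opts) {
  const byLower = new Map(KNOWN_OPTIONS.map((k) => [k.toLowerCase(), k]));
  return Object.keys(opts)
    .filter((k) => !KNOWN_OPTIONS.includes(k))
    .map((k) => ({ key: k, suggestion: byLower.get(k.toLowerCase()) || null }));
}

// Fails loudly instead of emitting a cookie without the requested attribute.
function setCookieStrict(name, value, opts = {}) {
  const ignored = findIgnoredOptions(opts);
  if (ignored.length > 0) {
    const detail = ignored
      .map((i) => (i.suggestion ? `${i.key} (did you mean ${i.suggestion}?)` : i.key))
      .join(", ");
    throw new TypeError(`unrecognized cookie option(s): ${detail}`);
  }
  return serializeCookie(name, value, opts);
}

// Constructed inputs: the miskeyed call and the corrected call.
const before = serializeCookie("session", "abc", { path: "/", samesite: "strict" });
const after = setCookieStrict("session", "abc", { path: "/", sameSite: "strict", secure: true });
console.log(before); // no SameSite attribute is emitted
console.log(after);
```

Checking the resulting cookie string, rather than the options object passed in, is what reveals a dropped attribute.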