Wruczek / ts-website

A website for your TeamSpeak 3 server
https://ts.wruczek.tech
GNU General Public License v3.0

Add Secure and SameSite Attribute #180

Closed xopez closed 2 years ago

xopez commented 3 years ago

We should set both attributes. Firefox already gives a warning in the console that in the future it will be rejected if SameSite is none and it hasn't the secure attribute. I translated the warning in the console:

The cookie "tswebsite_sessionid" will soon be rejected in the future because it specifies either "None" or an invalid value for the "SameSite" attribute without using the "secure" attribute. For more information about the "SameSite" attribute, see https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite.

I have already tested these new cookie placements for my site and it's working quite fine.

For the SameSite attribute we can discuss.

Wruczek commented 3 years ago

This is not ideal - it will break all installations not using HTTPS.

xopez commented 3 years ago

That is true. I guess the best way would be to leave it out or to implement a check which scheme was used.
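
The scheme check suggested in the last comment, sketched as an added example that is not part of the thread or of ts-website's code. It assumes `tswebsite_sessionid` is a PHP session cookie; the function names, the trusted-proxy list, and the choice of `SameSite=Lax` are assumptions made for illustration.

```php
<?php
// Added example, not ts-website's code. Function names and the proxy list are hypothetical.

// True when the request arrived over HTTPS. X-Forwarded-Proto is honoured only
// if the direct peer is a listed reverse proxy, since any client can send it.
function requestIsHttps(array $server, array $trustedProxies = []): bool
{
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return true;
    }
    if (in_array($server['REMOTE_ADDR'] ?? '', $trustedProxies, true)) {
        $forwarded = (string)($server['HTTP_X_FORWARDED_PROTO'] ?? '');
        return strtolower(trim(explode(',', $forwarded)[0])) === 'https';
    }
    return false;
}

// Cookie flags for the session: Secure only on HTTPS so plain-HTTP installs
// keep working; SameSite=Lax (an assumed choice) is valid without Secure.
function sessionCookieFlags(bool $isHttps): array
{
    return ['secure' => $isHttps, 'samesite' => 'Lax'];
}

// Constructed sample requests (addresses from documentation ranges).
$proxies = ['127.0.0.1'];
$samples = [
    'direct HTTPS'             => ['HTTPS' => 'on', 'REMOTE_ADDR' => '203.0.113.7'],
    'direct HTTP'              => ['REMOTE_ADDR' => '203.0.113.7'],
    'IIS-style HTTPS=off'      => ['HTTPS' => 'off', 'REMOTE_ADDR' => '203.0.113.7'],
    'TLS ended at local proxy' => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'spoofed header, no proxy' => ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_PROTO' => 'https'],
];
foreach ($samples as $label => $server) {
    $flags = sessionCookieFlags(requestIsHttps($server, $proxies));
    printf("%-26s Secure=%s SameSite=%s\n", $label, $flags['secure'] ? 'yes' : 'no', $flags['samesite']);
}

// In the application, before session_start() (array form needs PHP 7.3+):
//   session_name('tswebsite_sessionid');
//   session_set_cookie_params(sessionCookieFlags(requestIsHttps($_SERVER, $proxies)));
//   session_start();
```

Only the direct-HTTPS and trusted-proxy samples get `Secure`; the forwarded header from an unlisted peer is ignored, so a plain-HTTP client cannot make the server issue a cookie its browser would then refuse to send back.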