Closed balmas closed 4 years ago
balmas
commented
4 years ago I don't believe any flask changes are required but we do need to update google analytics and auth0 cookie handling code.
For google analytics the solution at https://www.simoahava.com/analytics/cookieflags-field-google-analytics/ appears to work for now:
ga('create', 'UA-XXXXX-Y', {
cookieFlags: 'max-age=7200;secure;samesite=none'
});the external cookies (google analytics and auth0) are addressed but to made this adjustment to the flask session cookie we need to upgrade Flask and its libraries so that we can get the fix in pallets/werkzeug#1549
balmas
commented
4 years ago It should only be an issue if we wanted to support the texts site being run in an iframe from another domain though, so I think it's not critical, although there might be other reasons to upgrade Flask. Will enter a new issue for us to consider at some point.
see https://blog.chromium.org/2019/10/developers-get-ready-for-new.html