balderdashy / sails.io.js

Browser SDK for communicating w/ Sails via sockets
https://sailsjs.com/documentation/reference/web-sockets/socket-client

Issues with SameSite origin on Firefox #128

Open G0x209C opened 2 years ago

G0x209C commented 2 years ago

Because the socket session id is set as a SameSite None cookie without secure, it gets removed by Firefox.

This means this entire library does not work with current versions of Firefox when the frontend client is hosted separately from the backend sails.js framework.

Pls fix this.

G0x209C commented 2 years ago

After thoroughly debugging and going through the codebase, I figured out this has to do with the Sails framework configuration. A headache and 3 cups of coffee later: set in config/session.js: { cookie: { secure: true } }

G0x209C commented 2 years ago

However, another issue springs from this. During development, this could prevent you from user-testing your code in both Firefox and Safari, as the SameSite secure:false setting leads to instant deletion of the session id cookie.
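
Added example, not part of the original thread or of the sails.io.js code: a small Node.js audit of `Set-Cookie` headers for the mismatch discussed above, a session cookie marked `SameSite=None` but lacking `Secure`. The function names, the `api.example.test` host and the header values are constructed for illustration; `sails.sid` is assumed to be the session cookie name.

```javascript
// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: eq === -1 ? pair : pair.slice(0, eq),
    value: eq === -1 ? '' : pair.slice(eq + 1),
    attrs: {},
  };
  for (const attr of rest) {
    if (!attr) continue;
    const i = attr.indexOf('=');
    // Attribute names are case-insensitive; flag attributes (Secure, HttpOnly) have no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

// Report why a browser would refuse to store the cookie sent by responseUrl.
function auditCookie(header, responseUrl) {
  const c = parseSetCookie(header);
  const sameSite =
    typeof c.attrs.samesite === 'string' ? c.attrs.samesite.toLowerCase() : null;
  const secure = 'secure' in c.attrs;
  const findings = [];
  if (sameSite === 'none' && !secure) {
    findings.push('SameSite=None without Secure: cookie is rejected');
  }
  if (secure && new URL(responseUrl).protocol !== 'https:') {
    // Handling of http://localhost varies by browser and is not modelled here.
    findings.push('Secure cookie sent over plain HTTP: not stored on insecure origins');
  }
  return { name: c.name, sameSite, secure, findings };
}

// Constructed sample headers: the failing case from the thread, then the corrected one.
const broken = 'sails.sid=s%3Aconstructed.sig; Path=/; HttpOnly; SameSite=None';
const fixed = 'sails.sid=s%3Aconstructed.sig; Path=/; HttpOnly; Secure; SameSite=None';

console.log(auditCookie(broken, 'https://api.example.test/'));
console.log(auditCookie(fixed, 'https://api.example.test/'));
console.log(auditCookie(fixed, 'http://api.example.test/'));
```

The third call shows the development-time side of the problem: once `Secure` is set, the backend also has to be reached over HTTPS for the cookie to be stored.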