ballerina-guides / gcp-microservices-demo

Ballerina Implementation of GCP Online Boutique Sample
Apache License 2.0

Cart update, currency change does not work as expected when running in k8s #61

Closed dilanSachi closed 1 year ago

dilanSachi commented 1 year ago

Description: Even after adding an item to the cart, it shows the cart as empty. Looks like the session-id cookie is renewed in every new request. This doesn't appear when running in Docker.

dilanSachi commented 1 year ago

Looks like the cookie sent from the backend is blocked. But this works in Firefox though.

dilanSachi commented 1 year ago

This is due to https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#security: when sending cookies, modern browsers don't allow cross-site cookies without the SameSite=None; Secure attributes. But in order to make it secure, we need to use HTTPS.

dilanSachi commented 1 year ago
Note: The standard related to SameSite recently changed (MDN documents the new behavior above). See the cookies [Browser compatibility](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#browser_compatibility) table for information about how the attribute is handled in specific browser versions:

- SameSite=Lax is the new default if SameSite isn't specified. Previously, cookies were sent for all requests by default.
- Cookies with SameSite=None must now also specify the Secure attribute (they require a secure context).
- Cookies from the same domain are no longer considered to be from the same site if sent using a different scheme (http: or https:).

dilanSachi commented 1 year ago

A cookie with the Secure attribute is only sent to the server with an encrypted request over the HTTPS protocol. It's never sent with unsecured HTTP (except on localhost), which means [man-in-the-middle](https://developer.mozilla.org/en-US/docs/Glossary/MitM) attackers can't access it easily. Insecure sites (with http: in the URL) can't set cookies with the Secure attribute.

dilanSachi commented 1 year ago

Found that we can port-forward the backend service in k8s to listen on localhost so that the cross-site issue won't come up:

```shell
kubectl port-forward svc/frontend-svc-local 31873:9098
```
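The browser rules quoted in the two MDN excerpts above, and the port-forward workaround in the last comment, as a small runnable model of the storage and sending decisions. This is an added example, not code from the gcp-microservices-demo project or from the issue: the hostnames, ports, the `session-id` cookie name and the UI-on-one-host, backend-on-another split are constructed for illustration, and the registrable-domain check uses the last two host labels in place of the Public Suffix List that browsers actually consult.

```javascript
// Added example, not code from the gcp-microservices-demo project: a model of the
// browser cookie rules quoted above (default SameSite=Lax, None requires Secure,
// schemeful same-site, Secure only over HTTPS or localhost). Hostnames, ports and
// the cookie name are constructed for illustration.

// Minimal Set-Cookie parser: name, value, SameSite (default Lax) and Secure flag.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((p) => p.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), sameSite: 'Lax', secure: false };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    const key = k.trim().toLowerCase();
    if (key === 'secure') cookie.secure = true;
    if (key === 'samesite') {
      const val = v.trim().toLowerCase();
      cookie.sameSite = val === 'none' ? 'None' : val === 'strict' ? 'Strict' : 'Lax';
    }
  }
  return cookie;
}

// Site of a URL = scheme + registrable domain. Browsers use the Public Suffix List;
// the last two labels stand in for it here (IP literals and localhost are used whole).
// Different schemes on the same host are cross-site (schemeful same-site).
function siteOf(urlString) {
  const url = new URL(urlString);
  const host = url.hostname;
  const whole = host === 'localhost' || /^\d+(\.\d+){3}$/.test(host);
  return `${url.protocol}//${whole ? host : host.split('.').slice(-2).join('.')}`;
}

// https: is secure; browsers also treat http://localhost as a secure context.
function isSecureContext(urlString) {
  const url = new URL(urlString);
  return url.protocol === 'https:' || url.hostname === 'localhost';
}

// Storage rules: does the browser keep a cookie returned by responseUrl to a
// request made from pageUrl? kind is 'subresource' (fetch/XHR) or 'navigation'.
function storeDecision(cookie, pageUrl, responseUrl, kind) {
  if (cookie.sameSite === 'None' && !cookie.secure) return 'rejected: SameSite=None requires Secure';
  if (cookie.secure && !isSecureContext(responseUrl)) return 'rejected: Secure cookie set over http';
  const crossSite = siteOf(pageUrl) !== siteOf(responseUrl);
  if (crossSite && cookie.sameSite !== 'None' && !(cookie.sameSite === 'Lax' && kind === 'navigation')) {
    return `rejected: SameSite=${cookie.sameSite} cookie set by a cross-site response`;
  }
  return 'stored';
}

// Sending rules: is a stored cookie attached to a request from pageUrl to requestUrl?
function sendDecision(cookie, pageUrl, requestUrl, kind) {
  if (cookie.secure && !isSecureContext(requestUrl)) return 'not sent: Secure cookie over http';
  if (siteOf(pageUrl) === siteOf(requestUrl)) return 'sent';
  if (cookie.sameSite === 'None') return 'sent';
  if (cookie.sameSite === 'Lax' && kind === 'navigation') return 'sent';
  return `not sent: SameSite=${cookie.sameSite} on a cross-site ${kind}`;
}

// Round trip for the issue: the UI page fetches the backend, which sets the
// session cookie; does the next fetch from the same page carry it back?
function sessionRoundTrip(setCookieHeader, pageUrl, backendUrl, kind = 'subresource') {
  const cookie = parseSetCookie(setCookieHeader);
  const stored = storeDecision(cookie, pageUrl, backendUrl, kind);
  if (stored !== 'stored') return stored;
  return sendDecision(cookie, pageUrl, backendUrl, kind);
}

// Constructed scenarios: UI on a local dev server, backend on a NodePort, over
// HTTPS, or port-forwarded to localhost as in the last comment.
const ui = 'http://localhost:3000';
const scenarios = [
  ['session-id=abc', 'http://192.168.49.2:31873'],
  ['session-id=abc; SameSite=None', 'http://192.168.49.2:31873'],
  ['session-id=abc; SameSite=None; Secure', 'http://192.168.49.2:31873'],
  ['session-id=abc; SameSite=None; Secure', 'https://192.168.49.2:31873'],
  ['session-id=abc', 'http://localhost:31873'],
];
for (const [header, backend] of scenarios) {
  console.log(`${header.padEnd(40)} ${backend.padEnd(28)} -> ${sessionRoundTrip(header, ui, backend)}`);
}
```

Run it with node. The first scenario is the one the issue describes: a cookie with no SameSite attribute is treated as Lax and is rejected when it arrives in a cross-site fetch response, so the backend mints a fresh session on every request. Adding SameSite=None alone is rejected, SameSite=None; Secure is only accepted once the backend answers over HTTPS, and port-forwarding the backend to localhost makes the UI and backend URLs same-site so the default Lax cookie flows without any attribute changes.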