mozilla / node-client-sessions

secure sessions stored in cookies
Mozilla Public License 2.0

Enable support for samesite=none #142

Open CriGoT opened 4 years ago

CriGoT commented 4 years ago

Updates cookies to version 0.8.* to enable using samesite=none in preparation for the upcoming change in defaults in Chrome and other browsers ref

literakl commented 4 years ago

What is the impact of ignoring this merge request? The time when Chrome will change its behaviour is very close.

octopicorn commented 4 years ago

> What is the impact of ignoring this merge request? The time when Chrome will change its behaviour is very close.

The impact seems to be that all cookies will be forced to samesite=lax when using Chrome now, since we can't set this property. Is there any reason this is still waiting for merge?

bernardbaker commented 4 years ago

@literakl @CriGoT @octopicorn apologies for being frank, but what's happening with this merge? I'm stuck with the older version, which doesn't support SameSite, leaving me with LAX on my app, which has a front end in Netlify and the backend Express server on Heroku (cross-domain).

chris-codaio commented 2 years ago

I just ran into this myself trying to build support for hosting our site in an iframe (requiring a SameSite=none cookie). Would love to see this update go through.
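The browser behaviour this thread is about, as an added example (not code from client-sessions or from this pull request): a small model of how a browser that defaults to Lax treats a `Set-Cookie` header with and without `SameSite`, covering the cross-domain API and iframe cases mentioned above. The cookie name `sid`, the context labels and the function names are assumptions made for the illustration.

```javascript
'use strict';
// Added example: models browser behaviour, not client-sessions internals.

// Split a Set-Cookie value into its attributes (keys lowercased).
function parseAttrs(header) {
  const attrs = {};
  for (const part of header.split(';').slice(1)) {
    const [key, ...rest] = part.trim().split('=');
    if (key) attrs[key.toLowerCase()] = rest.length ? rest.join('=') : true;
  }
  return attrs;
}

// Policy enforced by a browser that defaults to Lax and requires Secure for None.
function effectiveSameSite(header) {
  const attrs = parseAttrs(header);
  const raw = String(attrs.samesite || '').toLowerCase();
  if (raw === 'strict') return 'strict';
  if (raw === 'none') return attrs.secure ? 'none' : 'rejected';
  return 'lax'; // attribute missing or unrecognised
}

// Contexts (labels are assumptions): 'same-site', 'cross-site-navigation'
// (top-level GET), 'cross-site-subrequest' (fetch/XHR, iframe, image).
function isSent(header, context) {
  const policy = effectiveSameSite(header);
  if (policy === 'rejected') return false; // browser never stores it
  if (context === 'same-site') return true;
  if (context === 'cross-site-navigation') return policy !== 'strict';
  if (context === 'cross-site-subrequest') return policy === 'none';
  throw new Error('unknown context: ' + context);
}

// Constructed sample headers; the cookie name "sid" is a placeholder.
const SAMPLES = {
  noAttribute: 'sid=abc123; Path=/; HttpOnly; Secure',
  noneSecure: 'sid=abc123; Path=/; HttpOnly; Secure; SameSite=None',
  noneInsecure: 'sid=abc123; Path=/; HttpOnly; SameSite=None',
};

for (const [label, header] of Object.entries(SAMPLES)) {
  console.log(label, effectiveSameSite(header), isSent(header, 'cross-site-subrequest'));
}
```

A cookie marked `SameSite=None` gets no cross-site request protection from the browser, so CSRF defences for that session have to come from the application itself.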