pendulum-chain / vortex

https://app.vortexfinance.co/

Set SameSite to None for auth cookie #296

Closed gianfra-t closed 11 hours ago

gianfra-t commented 11 hours ago

Another unforeseen fix required after #257

Cookies were set to SameSite=Strict. The issue is that our backend and frontend don't share the same home domain, and the cookie cannot be set on the deployment.

Regarding security: This would open the possibility of CSRF attacks, BUT we are also using CORS and limiting requests to the backend only from our deployments, so there should be no risk of that.
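
An added example, not code from this pull request or the project: one way to emit an auth cookie that is sent cross-site and to enforce the "only from our deployments" restriction on the server for state-changing requests. The origin value and the names `ALLOWED_ORIGINS`, `buildAuthCookie` and `isRequestAllowed` are hypothetical, and the example assumes GET, HEAD and OPTIONS handlers do not change state.

```javascript
// Hypothetical allowlist of frontend deployments (constructed placeholder value).
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);

// Methods assumed to be free of side effects in this sketch.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Build a Set-Cookie header value for a cookie that must travel cross-site.
// Browsers reject SameSite=None cookies that do not also carry Secure.
function buildAuthCookie(name, token, maxAgeSeconds) {
  return [
    `${name}=${encodeURIComponent(token)}`,
    "Path=/",
    `Max-Age=${maxAgeSeconds}`,
    "HttpOnly", // keep the token out of reach of page scripts
    "Secure",
    "SameSite=None",
  ].join("; ");
}

// Server-side gate, run before any handler. It does not depend on the CORS
// response headers, which only tell the browser whether the calling page may
// read the response.
// `headers` is an object with lower-cased header names, as Node.js provides.
function isRequestAllowed(method, headers) {
  if (SAFE_METHODS.has(method.toUpperCase())) return true;

  // Browsers attach Origin to cross-origin state-changing requests.
  const origin = headers["origin"];
  if (origin) return ALLOWED_ORIGINS.has(origin);

  // Fall back to Referer; reject when neither header identifies the caller.
  const referer = headers["referer"];
  if (!referer) return false;
  try {
    return ALLOWED_ORIGINS.has(new URL(referer).origin);
  } catch {
    return false; // malformed Referer
  }
}
```
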

netlify[bot] commented 11 hours ago

Deploy Preview for pendulum-pay ready!

Name Link
Latest commit ddfef882f1fc6ca5af6db3475a1817ba9e8a9239
Latest deploy log https://app.netlify.com/sites/pendulum-pay/deploys/6740787c649e3d0008642947
Deploy Preview https://deploy-preview-296--pendulum-pay.netlify.app

gianfra-t commented 11 hours ago

Oh that would be very nice. I didn't know it was possible. Certainly a good idea for production.