replay-framework / replay

Fork of the Play1 Framework

Add `SameSite` attribute support for cookies #73

Open asolntsev opened 2 years ago

asolntsev commented 2 years ago

Basically we need the same changes as in https://github.com/playframework/play1/pull/1369/files

cies commented 1 year ago

I've put this in the NGINX that sits in front of every instance of RePlay (mainly to offload static file serving):

    # In some versions of Chrome (80'ish) this is required for accepting the cookies in iframes
    # Yes, it's a hack. But fixing it in Play would require Netty4 (now on 3).
    # As browsers are steadily making policies against 3rd party cookies,
    # this setting will probably be useless at some point.
    # See also: https://github.com/codeborne/replay/issues/73
    proxy_cookie_path / "/; Secure; SameSite=None";

Apparently we do not have to wait for Netty4 :)
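An added check (not part of this thread or of the RePlay code base) for the `proxy_cookie_path` workaround in the comment above: it applies a simplified model of that rule to constructed `Set-Cookie` values and audits what a browser would receive. The function names, the sample `PLAY_SESSION` cookies and the prefix-replacement model are assumptions made for illustration.

```python
# Added example, not from the thread. Sample headers below are constructed.
RULE = ("/", "/; Secure; SameSite=None")  # the proxy_cookie_path arguments

def rewrite_path(set_cookie, prefix=RULE[0], replacement=RULE[1]):
    """Simplified model of a plain-string proxy_cookie_path rule: only an
    existing Path attribute is touched, and only its matching prefix is replaced."""
    parts = [p.strip() for p in set_cookie.split(";")]
    for i, part in enumerate(parts[1:], start=1):
        name, _, value = part.partition("=")
        if name.lower() == "path" and value.startswith(prefix):
            parts[i] = f"{name}={replacement}{value[len(prefix):]}"
    return "; ".join(parts)

def audit(set_cookie):
    """Return the SameSite-related problems in one Set-Cookie header value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    attrs = [p.partition("=") for p in parts[1:] if p]
    names = [n.strip().lower() for n, _, _ in attrs]
    values = {n.strip().lower(): v.strip() for n, _, v in attrs}
    problems = []
    samesite = values.get("samesite", "")
    if "samesite" not in names:
        problems.append("no SameSite attribute")
    elif samesite.lower() not in ("strict", "lax", "none"):
        problems.append(f"invalid SameSite value {samesite!r}")
    elif samesite.lower() == "none" and "secure" not in names:
        # Browsers reject SameSite=None cookies that are not marked Secure.
        problems.append("SameSite=None without Secure")
    for dup in sorted({n for n in names if names.count(n) > 1}):
        problems.append(f"duplicate attribute {dup}")
    return problems

SAMPLES = [  # constructed backend responses
    "PLAY_SESSION=abc; Path=/; HttpOnly",  # the case the workaround targets
    "PLAY_SESSION=abc; HttpOnly",          # no Path: nothing is rewritten
    "PLAY_SESSION=abc; Path=/app",         # longer Path: suffix gets glued on
    "PLAY_SESSION=abc; Path=/; Secure",    # backend already sets Secure
]

if __name__ == "__main__":
    for header in SAMPLES:
        rewritten = rewrite_path(header)
        print(rewritten, "->", audit(rewritten) or "ok")
```

Only the first sample comes out clean, so the workaround depends on every cookie being sent with exactly `Path=/`. nginx 1.19.3 and later also provide `proxy_cookie_flags`, which sets `Secure` and `SameSite` without rewriting `Path`.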

asolntsev commented 1 year ago

Yes, I was thinking that probably we could throw away Netty, and use the plain Java HTTP server which is built into Java 6+. At least in our projects, the biggest advantage of Netty was effective serving of static resources. But this problem can (and should!) be easily solved by Nginx.

cies commented 1 year ago

I cannot imagine Netty beats Nginx for static serving. It showed that our response times improved when I introduced offloading of static requests to Nginx.

But for development I really like my FW to serve static requests! (have not tested putting a dockered Nginx in front of the RePlay app that runs on the host machine; not even sure if docker does that).