vlaci / openconnect-sso

Wrapper script for OpenConnect supporting Azure AD (SAMLv2) authentication to Cisco SSL-VPNs
GNU General Public License v3.0

Various JavaScript problems, including: 1) deprecated jQuery methods need to be updated, 2) Chrome `SameSite` attribute missing in cookies #113

Open ElectricRCAircraftGuy opened 1 year ago

ElectricRCAircraftGuy commented 1 year ago

After running openconnect-sso version 0.7.3 on Ubuntu 18.04, I see a bunch of these messages about deprecated jQuery methods which should be updated in the source code:

```
js: JQMIGRATE: jQuery.parseJSON is deprecated; use JSON.parse
js: JQMIGRATE: jQuery.fn.keypress() event shorthand is deprecated
js: JQMIGRATE: jQuery.fn.keydown() event shorthand is deprecated
js: JQMIGRATE: jQuery.fn.submit() event shorthand is deprecated
js: JQMIGRATE: jQuery.parseJSON is deprecated; use JSON.parse
js: JQMIGRATE: jQuery.fn.keypress() event shorthand is deprecated
js: JQMIGRATE: jQuery.fn.keydown() event shorthand is deprecated
js: JQMIGRATE: jQuery.fn.focus() event shorthand is deprecated
```

Other JavaScript problems include these, which also printed out:

```
js: Refused to load the image 'https://duo.com/' because it violates the following Content Security Policy directive: "img-src 'self'  ".
js: Refused to load the image 'https://duo.com/' because it violates the following Content Security Policy directive: "img-src 'self' ux-asset-commercial.duosecurity.com ".
js: Failed collection
js: Failed collection
js: Uncaught (in promise) undefined
js: Refused to load the image 'https://duo.com/' because it violates the following Content Security Policy directive: "img-src 'self'  ".
js: Refused to load the image 'https://duo.com/' because it violates the following Content Security Policy directive: "img-src 'self' ux-asset-commercial.duosecurity.com https://certs-duo40.duosecurity.com".
js: A cookie associated with a cross-site resource at https://myvpn.whatever.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
```

This Chrome one looks particularly important since it says "A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure":

```
js: A cookie associated with a cross-site resource at https://myvpn.whatever.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
```
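
The Chrome policy quoted in the warning above can be checked against a server's `Set-Cookie` headers. The Python below is an added example, not part of this issue or of openconnect-sso's code; the function names, cookie names and header values are constructed for illustration, and it assumes an unrecognised `SameSite` value is handled like a missing one.

```python
# Added example (not from openconnect-sso): classify Set-Cookie headers under
# the Chrome policy quoted in the log message above.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, {attribute: value})."""
    pair, *rest = [p.strip() for p in header.split(";")]
    name = pair.split("=", 1)[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def cross_site_verdict(header):
    """Return (cookie name, verdict) for how the cookie fares cross-site."""
    name, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    secure = "secure" in attrs
    if samesite == "none":
        # SameSite=None is only honoured together with Secure.
        return name, "sent-cross-site" if secure else "rejected-needs-secure"
    if samesite in ("lax", "strict"):
        return name, "same-site-" + samesite
    # Attribute missing (the case in the warning). Assumption: an unrecognised
    # value is handled like a missing one here.
    return name, "no-samesite-defaults-to-lax"


def audit(headers):
    """Return only the cookies that need a server-side fix."""
    flagged = ("rejected-needs-secure", "no-samesite-defaults-to-lax")
    return [v for v in map(cross_site_verdict, headers) if v[1] in flagged]


# Constructed sample headers; cookie names and values are made up.
SAMPLE = [
    "sess_a=abc123; Path=/; Secure",
    "sess_b=def456; Path=/; SameSite=None",
    "sess_c=ghi789; Path=/; Secure; HttpOnly; SameSite=None",
    "sess_d=jkl012; Path=/; samesite=lax",
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE):
        print(name, verdict)
```

The cookie in the warning corresponds to the `sess_a` case: it carries no `SameSite` attribute, so the fix belongs in the header the VPN endpoint sends.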