Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`
cesine opened this issue · comments
Logging in causes a redirect loop because the cookie is not being set:
A cookie associated with a cross-site resource at http://corpus.example.org/ was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032. +186ms
browser:request 200 https://corpus.example.org/_session +594ms
browser:console LOG Percent complete https://corpus.example.org/_session : 100 +3ms
browser:console LOG user is authenticated +12ms
browser:console LOG INIT +0ms
browser:console LOG AUTHENTICATION INIT +1ms
browser:console LOG Initializing confidentiality module +0ms
browser:request Continuing https://themes.googleusercontent.com/static/fonts/gentiumbasic/v4/KCktj43blvLkhOTolFn-MU3vq9dAc3DuCNWjMJNKvGE.woff +65ms
browser:console LOG Loading user +50ms
browser:console LOG loadEncryptedUser +0ms
browser:console WAR USERPREFERENCE WARN: preferedDashboardType is deprecated use preferredDashboardLayout instead +20ms
browser:console LOG saveFielDBUserToUser +4ms
browser:console LOG USER init +0ms
browser:console LOG USERGENERIC init +0ms
browser:console LOG USER PREFERENCE init +2ms
browser:console LOG USER PREFERENCE init +9ms
browser:console LOG UserMask init +2ms
browser:console LOG App.changePouch setting connection: +0ms
browser:console LOG JSHandle@object +1ms
browser:console LOG Saving the UserMask +0ms
browser:console WAR Not saving usermaks, db is not set yet +1ms
browser:console LOG saveAndEncryptUserToLocalStorage +0ms
browser:console LOG App.changePouch setting connection: +18ms
browser:console LOG JSHandle@object +0ms
browser:console LOG Creating backbone objects +2ms
browser:console LOG TOOD Use the fielddb app to load the dashboard +0ms
browser:console LOG CORPUS INIT +3ms
browser:console LOG SESSION init +1ms
browser:console LOG DATALIST init +1ms
browser:console LOG Loading the backbone objects +0ms
browser:console LOG loadBackboneObjectsByIdAndSetAsCurrentDashboard +0ms
browser:console LOG CORPUS INIT +2ms
browser:console LOG App.changePouch setting connection: +0ms
browser:console LOG JSHandle@object +0ms
browser:request Continuing https://corpus.example.org/lingllama-communitycorpus/89bc4d7dcc2b1fc9a7bb0f4f4743e705 +75ms
browser:console WAR APP WARN: An app of type App has become automagically available to all fielddb objects +9ms
browser:request Continuing https://localhost:61487/images/loader.gif +3ms
browser:request 200 https://localhost:61487/images/loader.gif +57ms
browser:request 401 https://corpus.example.org/lingllama-communitycorpus/89bc4d7dcc2b1fc9a7bb0f4f4743e705 +89ms
browser:console ERR Failed to load resource: the server responded with a status of 401 (Unauthorized) +148ms
browser:console LOG There was an error fetching corpus +2ms
https://serverfault.com/questions/849888/add-samesite-to-cookies-using-nginx-as-reverse-proxy
location / {
    # your usual config ...
    # hack, set all cookies to secure, httponly and samesite (strict or lax)
    proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
}
Fixed using these notes: pouchdb/pouchdb#8226
server {
    listen 443;
    server_name corpus.example.org;
    ssl on;
    ....
    location / {
        ...
        include proxy.conf;
        # proxy_cookie_path rewrites the Path attribute of every upstream Set-Cookie;
        # the extra text rides along, so the browser sees Secure, HttpOnly and SameSite=None
        # (SameSite=None needs Secure, hence the TLS listener above)
        proxy_cookie_path / "/; secure; HttpOnly; SameSite=none";
        proxy_pass http://localhost:5984;
    }
}
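To check a Set-Cookie header against the rule in Chrome's warning above, and to see what the proxy_cookie_path line turns it into, here is an added example (not code from this issue or from pouchdb/nginx). It applies the same three attributes the nginx line appends, but replaces an existing SameSite value instead of producing a duplicate; the sample header is constructed to resemble a CouchDB `_session` response.

```python
# Canonical spellings for the attributes we emit (lookup is case-insensitive).
CANON = {"path": "Path", "domain": "Domain", "expires": "Expires", "max-age": "Max-Age",
         "secure": "Secure", "httponly": "HttpOnly", "samesite": "SameSite"}

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attrs); attrs keys are lower-case,
    flag attributes such as Secure map to None."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip() or None
    return name.strip(), value.strip(), attrs

def cross_site_problem(header):
    """Explain why Chrome would not send the cookie on a cross-site request, or None."""
    _, _, attrs = parse_set_cookie(header)
    if "samesite" not in attrs:
        return "SameSite missing: Chrome defaults to Lax and drops it cross-site"
    if (attrs["samesite"] or "").lower() != "none":
        return "SameSite=%s blocks cross-site delivery" % (attrs["samesite"] or "(empty)")
    if "secure" not in attrs:
        return "SameSite=None is rejected unless Secure is also set"
    return None

def rewrite_for_cross_site(header):
    """Emit the cookie with Secure, HttpOnly and SameSite=None, the same attributes
    the nginx proxy_cookie_path line adds, without duplicating an existing SameSite."""
    name, value, attrs = parse_set_cookie(header)
    attrs.pop("samesite", None)          # drop Lax/Strict so only one SameSite remains
    attrs.setdefault("secure", None)
    attrs.setdefault("httponly", None)
    attrs["samesite"] = "None"
    out = ["%s=%s" % (name, value)]
    for key, val in attrs.items():
        label = CANON.get(key, key.capitalize())
        out.append(label if val is None else "%s=%s" % (label, val))
    return "; ".join(out)

# Constructed sample resembling a CouchDB _session response; not a captured header.
COUCH_SESSION = "AuthSession=abc123; Version=1; Path=/; HttpOnly"

if __name__ == "__main__":
    print(cross_site_problem(COUCH_SESSION))
    fixed = rewrite_for_cross_site(COUCH_SESSION)
    print(fixed, "->", cross_site_problem(fixed))
```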