github wrote in changelog, 2020-07-26 06:26 pm

[dreamwidth/dw-free] fce68b: give all cookies the secure attribute on HTTPS sites

Branch: refs/heads/master
Home: https://github.com/dreamwidth/dw-free
Commit: fce68b6cdb2fab88074a84d352ef214d122913e1
https://github.com/dreamwidth/dw-free/commit/fce68b6cdb2fab88074a84d352ef214d122913e1
Author: Kareila kareila@dreamwidth.org
Date: 2020-07-26 (Sun, 26 Jul 2020)

Changed paths:
M cgi-bin/DW/Request/Base.pm

Log Message:


give all cookies the secure attribute on HTTPS sites

Momiji got a Firefox warning saying cookies with the 'sameSite' attribute set to 'none' or an invalid value would be rejected without the 'secure' attribute. This updates the add_cookie method to add the 'secure' attribute to all our cookies when LJ::PROTOCOL is https. The 'secure' attribute will cause the cookie not to be sent if the connection is not over SSL.

Commit: 5e4523ee24aa432bdf10c121f933d3c8523153c9
https://github.com/dreamwidth/dw-free/commit/5e4523ee24aa432bdf10c121f933d3c8523153c9
Author: Kareila kareila@dreamwidth.org
Date: 2020-07-26 (Sun, 26 Jul 2020)

Changed paths:
M cgi-bin/DW/Request/Base.pm
M doc/dependencies-cpanm

Log Message:


give all cookies SameSite=Lax on dev servers

I think the comment I left encapsulates the situation as I understand it, but expect further developments. (In particular I read that Chrome would start enforcing SameSite=Lax by default at some point, so if we do in fact need SameSite=None, we will need to make that explicit in the future.)

Compare: https://github.com/dreamwidth/dw-free/compare/de0aac61d176...5e4523ee24aa
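
An added example, not code from dw-free: a small Python auditor that checks Set-Cookie header values for the conditions the two commit messages describe (no Secure on an HTTPS site, SameSite set to None or an invalid value without Secure, SameSite left to the browser default). The cookie names, header values and finding labels are constructed for illustration.

```python
VALID_SAMESITE = {"strict", "lax", "none"}

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in value.split(";")]
    # Only the first '=' separates name from value; the value may contain '='.
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs

def audit_cookie(value, site_is_https=True):
    """Return finding labels (hypothetical names) for one Set-Cookie value."""
    _, attrs = parse_set_cookie(value)
    secure = "secure" in attrs
    samesite = attrs.get("samesite")
    findings = []
    if site_is_https and not secure:
        # The cookie would also be sent over a plain HTTP connection.
        findings.append("missing-secure")
    if samesite is None:
        # No explicit policy: the browser's default decides cross-site sending.
        findings.append("samesite-unset")
    elif not secure and (samesite.lower() == "none"
                         or samesite.lower() not in VALID_SAMESITE):
        # The case from the Firefox warning: None or an invalid value, no Secure.
        findings.append("samesite-needs-secure")
    return findings

# Constructed sample headers, not captured from any real site.
SAMPLE_HEADERS = [
    "session=constructed123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "tracker=constructed456; Path=/; SameSite=None",
    "prefs=a=b; Path=/; Secure",
    "legacy=x; samesite=Bogus",
]

def audit_all(headers, site_is_https=True):
    """Map each cookie name to its list of findings."""
    return {parse_set_cookie(h)[0]: audit_cookie(h, site_is_https) for h in headers}

if __name__ == "__main__":
    for cookie, findings in audit_all(SAMPLE_HEADERS).items():
        print(cookie, findings or "ok")
```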