[SDK-1858] Create legacy samesite cookie by default #568

Merged: 3 commits, Sep 2, 2020

adamjmcgrath
Contributor

Description

Add a legacy SameSite cookie (one without SameSite set to 'None') for legacy browsers.

Also adding the option to turn this off (to avoid browser console warning) with the caveat that this will break silent auth for incompatible clients https://www.chromium.org/updates/same-site/incompatible-clients

References

See https://web.dev/samesite-cookie-recipes/#handling-incompatible-clients
Fixes #515

Testing

  • This change adds test coverage for new/changed/fixed functionality

Checklist

  • I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not master
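The dual-cookie pattern the description refers to, as an added example that is not code from this PR or from the project: every value is written twice, once with `SameSite=None; Secure` and once with no SameSite attribute, and reads fall back to the second copy. The `_legacy_` prefix, the `legacyCookie` option and all function names are assumptions made for this illustration.

```javascript
// Hypothetical names throughout; this is not the library's API.
const LEGACY_PREFIX = '_legacy_'; // assumed prefix for the fallback cookie

// Return the cookie strings to set for one value (in a browser, assign each to document.cookie).
function buildCookies(name, value, { legacyCookie = true, maxAgeSeconds = 86400 } = {}) {
  const base = `${encodeURIComponent(value)}; Max-Age=${maxAgeSeconds}; Path=/`;
  // Primary copy: SameSite=None is only accepted by current browsers together with Secure.
  const cookies = [`${name}=${base}; Secure; SameSite=None`];
  if (legacyCookie) {
    // Fallback copy: no SameSite attribute, for clients that reject or mishandle SameSite=None.
    cookies.push(`${LEGACY_PREFIX}${name}=${base}; Secure`);
  }
  return cookies;
}

// Parse a "k=v; k2=v2" cookie string into a Map of decoded values.
function parseCookieHeader(header) {
  const jar = new Map();
  for (const part of header.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue; // skip empty or malformed segments
    jar.set(part.slice(0, eq).trim(), decodeURIComponent(part.slice(eq + 1).trim()));
  }
  return jar;
}

// Prefer the SameSite=None copy; use the legacy copy only when the primary is absent.
function readCookie(header, name) {
  const jar = parseCookieHeader(header);
  if (jar.has(name)) return jar.get(name);
  const legacy = jar.get(LEGACY_PREFIX + name);
  return legacy === undefined ? null : legacy;
}

// Constructed sample: an incompatible client kept only the legacy copy.
const LEGACY_CLIENT_COOKIES = '_legacy_txn=state%20123; other=1';
// Constructed sample: a current browser kept both copies.
const MODERN_CLIENT_COOKIES = 'txn=state%20123; _legacy_txn=state%20123';

console.log(buildCookies('txn', 'state 123'));
console.log(readCookie(LEGACY_CLIENT_COOKIES, 'txn'), readCookie(MODERN_CLIENT_COOKIES, 'txn'));
```

With `legacyCookie: false` only the first string is produced, so the incompatible client in the constructed sample would have nothing to send back and `readCookie` would return `null`.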

@adamjmcgrath added the small and CH: Added (PR is adding feature or functionality) labels Sep 1, 2020
@adamjmcgrath added this to the vNext milestone Sep 1, 2020
@adamjmcgrath requested a review from a team September 1, 2020 12:32
@@ -128,13 +133,18 @@ export default class Auth0Client {
private tokenIssuer: string;
private defaultScope: string;
private scope: string;
private CookieStorage: ClientStorage;
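Review bot: `CookieStorage` on the last line of this hunk is PascalCase while the neighbouring private fields `tokenIssuer`, `defaultScope` and `scope` are camelCase; rename it to `cookieStorage` so that it reads as an instance field rather than a class or type. The field also has no comment: the type `ClientStorage` alone does not tell a reader which storage implementation ends up here, so a one-line note on the declaration about how it is selected would help anyone auditing the cookie behaviour later.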
Contributor

What's the reason for making this Title Case? Could we follow convention for other class-level props?

Contributor Author

@adamjmcgrath Sep 2, 2020

I was generally using the convention SomeNewThingTitleCase = SomeThingTitleCase || SomeOtherThingTitleCase; - but sure, I can change to camel case

@adamjmcgrath merged commit f4391f6 into master Sep 2, 2020
@adamjmcgrath deleted the legacy-samesite branch September 2, 2020 09:59
@adamjmcgrath mentioned this pull request Sep 4, 2020
Development

Successfully merging this pull request may close these issues.

Invalid State Error on Ipad safari and chrome
2 participants