#5011 Fix to set Secure attribute on cookie when SameSite=none #5064
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jaiminpanchal27
approved these changes
Apr 2, 2020
src/storageManager.js
Outdated
| @@ -64,7 +64,9 @@ export function newStorageManager({gvlid, moduleName, moduleType} = {}) { | |||
| if (result && result.valid) { | |||
| const domainPortion = (domain && domain !== '') ? ` ;domain=${encodeURIComponent(domain)}` : ''; | |||
| const expiresPortion = (expires && expires !== '') ? ` ;expires=${expires}` : ''; | |||
| document.cookie = `${key}=${encodeURIComponent(value)}${expiresPortion}; path=/${domainPortion}${sameSite ? `; SameSite=${sameSite}` : ''}`; | |||
| var isNone = (sameSite != null && sameSite.toLowerCase() == 'none') | |||
| var secure = (isNone) ? '; Secure' : ''; | |||
There was a problem hiding this comment.
Can you use const here and for isNone as well.
There was a problem hiding this comment.
Made requested change to use const. Thanks.
bretg
added
the
needs 2nd review
mkendall07
approved these changes
Apr 7, 2020
rjvelicaria
pushed a commit
to openx/Prebid.js
that referenced
this pull request
Apr 9, 2020
…rebid#5064) * prebid#5011 Fix to set Secure attribute on cookie when SameSite=none * Minor change to use const instead of var per review request.
redaguermas
added a commit
to redaguermas/Prebid.js
that referenced
this pull request
Apr 16, 2020
* 'master' of https://github.com/prebid/Prebid.js: (102 commits) Marsmedia - Add vastXml and fix id response (prebid#5067) PubMatic adapter to support image sync (prebid#5104) minor consentManagement fix (prebid#5050) fix circle ci failing tests (prebid#5113) Add Relaido Adapter (prebid#5101) Add new bid adapter for ConnectAd (prebid#4806) change payload (prebid#5105) Utils updates (prebid#5092) Read OpenRTB app objects if set in config + bug fix for when ad units are reloaded (prebid#5086) Criteo : added first party data mapping to bidder request (prebid#4954) updateAdGenerationManual (prebid#5032) New bid adapter: Wipes (prebid#5051) Prebid manager analytics utm tags (prebid#4998) CRITEO RTUS Integration with Yieldmo Prebid (prebid#5075) isSafariBrowser update (prebid#5077) Support min &max duration for onevideo (prebid#5079) increment pre version Prebid 3.15.0 release prebid#5011 Fix to set Secure attribute on cookie when SameSite=none (prebid#5064) Prebid adapter for windtalker (prebid#5040) ...
iggyfisk
pushed a commit
to happypancake/Prebid.js
that referenced
this pull request
Jun 22, 2020
…rebid#5064) * prebid#5011 Fix to set Secure attribute on cookie when SameSite=none * Minor change to use const instead of var per review request.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Type of change
Description of change
This change modifies the storageManager to detect if SameSite=None is used in the set cookie options. When the value "none" is specified for SameSite the browser also requires that the cookie be marked "Secure". This change automatically applies the "Secure" attribute when samesite=none is detected.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
Tested against DigiTrust ID that sets cookie.
(/integrationExamples/gpt/digitrust_Simple.html) sample page.
Note: this must be run over HTTPS connection to operate correctly.
Other Information
Must be run over HTTPS connection to operate correctly. Testing this over HTTP is an invalid scenario.