Smalltalk › Frameworks & Tools › Seaside › Seaside Development

Cookie tracking and SameSite setting

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

3 messages Options

Esteban A. Maringolo

Nov 28, 2020; 6:25pm

Cookie tracking and SameSite setting

2343 posts

Hi all,

I have an application that has a Cookie based tracking strategy, but
given that the SameSite setting is hardcoded to be 'Strict' it forbids
(and actually breaks) the behavior of my Seaside app when it is
embedded into an <iframe> in a third party domain.

Should this SameSite setting be configurable somehow?

The only way I found to do this was by subclassing the tracking strategy class.

Regards,

Esteban A. Maringolo
_______________________________________________
seaside-dev mailing list
[hidden email]
http://lists.squeakfoundation.org/mailman/listinfo/seaside-dev

Max Leske

Dec 01, 2020; 8:18pm

Re: Cookie tracking and SameSite setting

1618 posts

Hi Esteben,

Interesting case. I guess we didn't think about that. Usually you wouldn't want to share the tracking cookie with another domain but that might be a valid case

This should probably be solved by updating the configurations (which can be tough), so if you feel up to it we'd appreciate a PR with such a change.

Cheers,
Max

On 28 Nov 2020, at 19:25, Esteban Maringolo wrote:

> Hi all,
>
> I have an application that has a Cookie based tracking strategy, but
> given that the SameSite setting is hardcoded to be 'Strict' it forbids
> (and actually breaks) the behavior of my Seaside app when it is
> embedded into an <iframe> in a third party domain.
>
> Should this SameSite setting be configurable somehow?
>
> The only way I found to do this was by subclassing the tracking strategy class.
>
> Regards,
>
> Esteban A. Maringolo
> _______________________________________________
> seaside-dev mailing list
> [hidden email]
> http://lists.squeakfoundation.org/mailman/listinfo/seaside-dev

... [show rest of quote]

_______________________________________________
seaside-dev mailing list
[hidden email]
http://lists.squeakfoundation.org/mailman/listinfo/seaside-dev

signature.asc (849 bytes) Download Attachment

Esteban A. Maringolo

Dec 04, 2020; 11:17pm

Re: Cookie tracking and SameSite setting

2343 posts

Hi Max,

I'll create the issue, at least as a reminder.

Regards!

Esteban A. Maringolo

On Tue, Dec 1, 2020 at 5:18 PM Max Leske <[hidden email]> wrote:

>
> Hi Esteben,
>
> Interesting case. I guess we didn't think about that. Usually you wouldn't want to share the tracking cookie with another domain but that might be a valid case
>
> This should probably be solved by updating the configurations (which can be tough), so if you feel up to it we'd appreciate a PR with such a change.
>
>
> Cheers,
> Max
>
> On 28 Nov 2020, at 19:25, Esteban Maringolo wrote:
>
> > Hi all,
> >
> > I have an application that has a Cookie based tracking strategy, but
> > given that the SameSite setting is hardcoded to be 'Strict' it forbids
> > (and actually breaks) the behavior of my Seaside app when it is
> > embedded into an <iframe> in a third party domain.
> >
> > Should this SameSite setting be configurable somehow?
> >
> > The only way I found to do this was by subclassing the tracking strategy class.
> >
> > Regards,
> >
> > Esteban A. Maringolo
> > _______________________________________________
> > seaside-dev mailing list
> > [hidden email]
> > http://lists.squeakfoundation.org/mailman/listinfo/seaside-dev
> _______________________________________________
> seaside-dev mailing list
> [hidden email]
> http://lists.squeakfoundation.org/mailman/listinfo/seaside-dev

... [show rest of quote]

_______________________________________________
seaside-dev mailing list
[hidden email]
http://lists.squeakfoundation.org/mailman/listinfo/seaside-dev