Cookie tracking and SameSite setting

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Cookie tracking and SameSite setting

Esteban A. Maringolo
Hi all,

I have an application that has a Cookie based tracking strategy, but
given that the SameSite setting is hardcoded to be 'Strict' it forbids
(and actually breaks) the behavior of my Seaside app when it is
embedded into an <iframe> in a third party domain.

Should this SameSite setting be configurable somehow?

The only way I found to do this was by subclassing the tracking strategy class.

Regards,

Esteban A. Maringolo
_______________________________________________
seaside-dev mailing list
[hidden email]
http://lists.squeakfoundation.org/mailman/listinfo/seaside-dev
Reply | Threaded
Open this post in threaded view
|

Re: Cookie tracking and SameSite setting

Max Leske
Hi Esteben,

Interesting case. I guess we didn't think about that. Usually you wouldn't want to share the tracking cookie with another domain but that might be a valid case

This should probably be solved by updating the configurations (which can be tough), so if you feel up to it we'd appreciate a PR with such a change.


Cheers,
Max

On 28 Nov 2020, at 19:25, Esteban Maringolo wrote:

> Hi all,
>
> I have an application that has a Cookie based tracking strategy, but
> given that the SameSite setting is hardcoded to be 'Strict' it forbids
> (and actually breaks) the behavior of my Seaside app when it is
> embedded into an <iframe> in a third party domain.
>
> Should this SameSite setting be configurable somehow?
>
> The only way I found to do this was by subclassing the tracking strategy class.
>
> Regards,
>
> Esteban A. Maringolo
> _______________________________________________
> seaside-dev mailing list
> [hidden email]
> http://lists.squeakfoundation.org/mailman/listinfo/seaside-dev

_______________________________________________
seaside-dev mailing list
[hidden email]
http://lists.squeakfoundation.org/mailman/listinfo/seaside-dev

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Cookie tracking and SameSite setting

Esteban A. Maringolo
Hi Max,

I'll create the issue, at least as a reminder.

Regards!

Esteban A. Maringolo

On Tue, Dec 1, 2020 at 5:18 PM Max Leske <[hidden email]> wrote:

>
> Hi Esteben,
>
> Interesting case. I guess we didn't think about that. Usually you wouldn't want to share the tracking cookie with another domain but that might be a valid case
>
> This should probably be solved by updating the configurations (which can be tough), so if you feel up to it we'd appreciate a PR with such a change.
>
>
> Cheers,
> Max
>
> On 28 Nov 2020, at 19:25, Esteban Maringolo wrote:
>
> > Hi all,
> >
> > I have an application that has a Cookie based tracking strategy, but
> > given that the SameSite setting is hardcoded to be 'Strict' it forbids
> > (and actually breaks) the behavior of my Seaside app when it is
> > embedded into an <iframe> in a third party domain.
> >
> > Should this SameSite setting be configurable somehow?
> >
> > The only way I found to do this was by subclassing the tracking strategy class.
> >
> > Regards,
> >
> > Esteban A. Maringolo
> > _______________________________________________
> > seaside-dev mailing list
> > [hidden email]
> > http://lists.squeakfoundation.org/mailman/listinfo/seaside-dev
> _______________________________________________
> seaside-dev mailing list
> [hidden email]
> http://lists.squeakfoundation.org/mailman/listinfo/seaside-dev
_______________________________________________
seaside-dev mailing list
[hidden email]
http://lists.squeakfoundation.org/mailman/listinfo/seaside-dev