Issue cookies with the same-site flag

Description

Cookies should have SameSite=None to allow wikis with custom domains (e.g. scp-wiki.net, kontainer.djkakt.us) to be accepted.

Environment

Activity

Show:

bluesoul

January 9, 2021, 9:32 PM

Copy link to comment

I want to continue working with the finer details of my setsecurecookie() function to determine when you should be using the SameSite flag. I’ve been setting it everywhere and I’d like to tighten that scope a little.

Ammon Smith

January 9, 2021, 9:38 PM

Copy link to comment

I was rereading the chrome docs just now, and I think you only need to set SameSite if the cookie is for custom domains. So check if SNI matches the wikijump wildcard and do it based on that?

Though I don’t see a lot of downside to just always specifying the cookies must be SameSite=None; Secure? (or at least just the Secure flag)

Assignee

bluesoul

Reporter

Ammon Smith

Labels

1.0.0

authentication

Epic Link

Priority

Highest

Configure

Wikijump Board