Issue cookies with the same-site flag

Description

Cookies should have SameSite=None to allow wikis with custom domains (e.g. scp-wiki.net, kontainer.djkakt.us) to be accepted.

Activity

bluesoul
January 9, 2021, 9:32 PM

I want to continue working with the finer details of my setsecurecookie() function to determine when you should be using the SameSite flag. I’ve been setting it everywhere and I’d like to tighten that scope a little.

Ammon Smith
January 9, 2021, 9:38 PM

I was rereading the Chrome docs just now, and I think you only need to set SameSite if the cookie is for custom domains. So check if SNI matches the wikijump wildcard and do it based on that?

Though I don’t see a lot of downside to just always specifying the cookies must be SameSite=None; Secure? (or at least just the Secure flag)
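
The host check discussed in the comments above, sketched in Python as an added example; it is not code from this thread or from the project. `BASE_DOMAIN` (a placeholder for the wikijump wildcard's base domain), the cookie name and value, and all function names are assumptions.

```python
# Added example: pick cookie attributes from the request host.
# Assumption: BASE_DOMAIN is a placeholder for the base of the wikijump wildcard.
BASE_DOMAIN = "wikijump.example"


def normalize_host(host: str) -> str:
    """Lowercase a Host/SNI value and drop an optional :port and trailing dot."""
    host = host.strip().lower()
    if host.count(":") == 1:          # plain host:port (IPv6 literals are left alone)
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def is_first_party(host: str, base: str = BASE_DOMAIN) -> bool:
    """True when host is the base domain or a subdomain covered by the wildcard.

    The match is made on a label boundary ("." + base) so that a lookalike
    such as "evilwikijump.example" is not mistaken for a wildcard host.
    """
    host = normalize_host(host)
    return host == base or host.endswith("." + base)


def session_cookie_header(name: str, value: str, request_host: str) -> str:
    """Build a Set-Cookie value following the rule proposed in the thread.

    Secure is always set. SameSite=None is added only for custom domains;
    browsers that enforce the SameSite rules reject SameSite=None cookies
    that lack Secure, so the two must travel together.
    """
    attrs = [f"{name}={value}", "Path=/", "HttpOnly", "Secure"]
    if not is_first_party(request_host):
        attrs.append("SameSite=None")
    return "; ".join(attrs)


if __name__ == "__main__":
    # Constructed sample hosts; scp-wiki.net is the custom domain named in the issue.
    for h in ("www.wikijump.example:443", "scp-wiki.net", "evilwikijump.example"):
        print(f"{h:28} -> {session_cookie_header('sid', 'abc', h)}")
```
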

Assignee

bluesoul

Reporter

Ammon Smith

Epic Link

Priority

Highest